What is SIEM?
History of Security Information and Event Management
To understand where SIEM stands today, it helps to look at how it developed. Like most cybersecurity technologies, SIEM does not have a long history.
Security information and event management (SIEM) began to develop in the early 2000s, in the form of either security information management (SIM) or security event management (SEM) solutions. Products of this initial phase (roughly 2000 to 2005) offered basic log aggregation across different system types together with simple event correlation. Detection relied on signatures of known attacks, so these systems could not detect zero-day attacks against an organization's systems.
Gartner analysts introduced the term SIEM in the 2005 report "Improve IT Security with Vulnerability Management", which proposed a new class of security information system built on SIM and SEM.
SIM, built on earlier log collection and management systems, added long-term storage, analysis, and reporting of log data, and integrated logs with threat intelligence. SEM focused on identifying, collecting, monitoring, and reporting security-related events in software, systems, and IT infrastructure.
Later, cybersecurity vendors created SIEM by combining SEM, which analyses log and event data in real time to provide threat monitoring, event correlation, and incident response, with SIM, which collects, analyses, and reports on log data.
What is SIEM?
SIEM stands for security information and event management. It provides organizations with detection, analytics, and response capabilities, and evolved from the log management discipline. SIEM software gives enterprise security teams both insight into, and a historical record of, activity within their IT environment.
SIEM technology combines security event management (SEM), which analyses log and event data in real time for threat monitoring, event correlation, and incident response, with security information management (SIM), which collects, analyses, and reports on log data.
The basis of every SIEM architecture is to combine relevant data from multiple sources, identify deviations from a baseline, and take appropriate action. For example, when a possible threat is detected, SIEM software can log additional information, generate an alert, and instruct other security controls to stop the activity.
In practice, a SIEM evaluates events against correlation rules and analytics engines, indexes them for sub-second search, and enriches them with globally gathered threat intelligence to detect and analyse advanced threats. This gives security teams data analysis, event correlation, aggregation, reporting, and log management, providing both visibility into and a record of activity in the IT environment.
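As an added illustration of the aggregation, normalization and correlation steps described above (example code written for this page, not any vendor's product): it parses two constructed log sources, OpenSSH-style sshd syslog lines and a key=value firewall log, maps them onto one common event schema, runs a "many failed logins then a success" correlation rule over the merged stream, and enriches the resulting alert with the other sources that saw the same IP and with a reputation lookup. The year (syslog lines carry none), the IP addresses, the threat-intelligence feed and the rule thresholds are all assumptions made for the example.

```python
"""Toy SIEM pipeline: normalize events from two sources into one schema,
correlate them with a rule, and raise alerts enriched with threat intel.
Added example; all log lines, IPs and thresholds are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

ASSUMED_YEAR = 2024  # syslog lines carry no year; assumed for this example
SSHD_LOG = """\
Mar 10 12:00:01 host1 sshd[1001]: Failed password for root from 203.0.113.5 port 51000 ssh2
Mar 10 12:00:03 host1 sshd[1002]: Failed password for root from 203.0.113.5 port 51001 ssh2
Mar 10 12:00:05 host1 sshd[1003]: Failed password for admin from 203.0.113.5 port 51002 ssh2
Mar 10 12:00:07 host1 sshd[1004]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar 10 12:00:09 host1 sshd[1005]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar 10 12:00:12 host1 sshd[1006]: Accepted password for root from 203.0.113.5 port 51005 ssh2
Mar 10 12:30:00 host1 sshd[1007]: Failed password for bob from 198.51.100.7 port 40000 ssh2
"""
FIREWALL_LOG = """\
2024-03-10T12:00:00Z fw1 action=deny src=203.0.113.5 dst=10.0.0.4 dport=23
2024-03-10T12:00:11Z fw1 action=allow src=203.0.113.5 dst=10.0.0.4 dport=22
"""
THREAT_INTEL = frozenset({"203.0.113.5"})  # constructed reputation feed

MONTHS = {m: i for i, m in enumerate(["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}
SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<ip>\S+) dst=\S+ dport=\d+")


def parse_sshd(line):
    """Map one sshd syslog line onto the common event schema (None if no match)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    hh, mm, ss = (int(x) for x in m["time"].split(":"))
    ts = datetime(ASSUMED_YEAR, MONTHS[m["mon"]], int(m["day"]), hh, mm, ss, tzinfo=timezone.utc)
    return {"ts": ts, "source": "sshd", "host": m["host"], "src_ip": m["ip"], "user": m["user"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure"}


def parse_firewall(line):
    """Map one key=value firewall line onto the common event schema (None if no match)."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "firewall", "host": m["host"], "src_ip": m["ip"],
            "user": None, "outcome": m["action"]}


def normalize(sshd_text, fw_text):
    """Aggregation step: parse both sources and merge them into one time-ordered stream."""
    events = [e for e in map(parse_sshd, sshd_text.splitlines()) if e]
    events += [e for e in map(parse_firewall, fw_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, threshold=5, window=timedelta(seconds=60), threat_intel=frozenset()):
    """Rule: at least `threshold` failed sshd logins from one source IP inside `window`,
    followed by a successful login from that IP while those failures are still in the
    window. Alerts carry every source that saw the IP in the window plus a reputation flag."""
    recent_failures = defaultdict(deque)  # src_ip -> timestamps of failures in window
    alerts = []
    for e in events:
        if e["source"] != "sshd":
            continue
        q = recent_failures[e["src_ip"]]
        while q and e["ts"] - q[0] > window:  # expire failures older than the window
            q.popleft()
        if e["outcome"] == "failure":
            q.append(e["ts"])
            continue
        if len(q) >= threshold:
            context = [c for c in events
                       if c["src_ip"] == e["src_ip"] and e["ts"] - window <= c["ts"] <= e["ts"]]
            alerts.append({"rule": "ssh_bruteforce_then_success", "ts": e["ts"],
                           "src_ip": e["src_ip"], "user": e["user"], "failures": len(q),
                           "sources": sorted({c["source"] for c in context}),
                           "severity": "critical" if e["src_ip"] in threat_intel else "high"})
        q.clear()  # a successful login resets the counter either way
    return alerts


def run_example():
    """Full pipeline over the constructed logs; returns the list of alerts."""
    return correlate(normalize(SSHD_LOG, FIREWALL_LOG), threat_intel=THREAT_INTEL)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

The single alert it produces names the attacking IP, the account that was finally accessed, the five preceding failures, both sources (sshd and firewall) that observed the IP in the window, and a severity raised to critical because the IP is on the reputation feed; the lone failure from 198.51.100.7 never reaches the threshold and produces nothing. A real SIEM does the same work at scale, with persistent indexes and many more parsers and rules, but the shape of the logic is this.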
SIEM software can have various features and benefits, including:
- Consolidation of multiple data points
- Custom dashboards and alert workflow management
- Integration with other products