What Are The Fundamental Principles Of SIEM?

1679 Words | Sep 17, 2016 | 7 Pages
A SIEM system takes logs and events from the multitude of devices and processes within a business network and centralizes them for near-real-time or real-time analysis, allowing personnel to take appropriate action in response to an incident or event. These sources include system logs, event logs, audit trails and transactional records. Without a SIEM system, each of these logs, audit trails and records would need to be evaluated individually. In addition to allowing prompt response to security-related events, this centralized collection also provides reporting to management to achieve legal compliance within the designated framework of an organization.

What are the underlying principles of SIEM?

The underlying principle of a SIEM system is that data is generated throughout the enterprise, and being able to gather this data in a single location, enabling the identification of trends and out-of-the-ordinary patterns, is critical to the security of the enterprise.

What is the SIEM process?

The processes implemented in a SIEM product may be its most important feature; without the proper processes, any investment in a SIEM product is wasted (Chuvakin, On SIEM Processes/Practices, 2012). There are a number of processes required for any SIEM product to function, but core to the usefulness of a SIEM product is that these processes must be tuned for the enterprise environment in which it will operate. These core processes include:

• Collector and log
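To make the collect, normalize, correlate and report idea concrete, the following is an added Python example; it is not part of the essay and does not come from any SIEM product. It ingests constructed log lines in two different formats (an sshd log and a web server access log), normalizes them into one event schema, applies a single cross-source correlation rule (several authentication failures from one source address followed by a success within a short window), and produces a per-source summary of the kind a management report would be built from. The hostnames, IP addresses, timestamps, the regular expressions and the threshold of four failures in five minutes are all assumptions chosen for the illustration. The point it demonstrates is the essay's central one: with the sshd log alone the rule does not fire, because only three sshd failures precede the success; only when the web server's failed login is gathered into the same place does the pattern become visible.

```python
"""Minimal SIEM-style pipeline: collect -> normalize -> correlate -> report.

Added example, not from the essay or any vendor product. All log lines,
hosts, addresses and thresholds below are constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log (syslog-like timestamps).
SSHD_LOG = """\
2016-09-17T10:00:01 srv1 sshd[1201]: Failed password for root from 203.0.113.5 port 50211 ssh2
2016-09-17T10:00:03 srv1 sshd[1201]: Failed password for root from 203.0.113.5 port 50212 ssh2
2016-09-17T10:00:05 srv1 sshd[1201]: Failed password for root from 203.0.113.5 port 50213 ssh2
2016-09-17T10:00:09 srv1 sshd[1201]: Accepted password for root from 203.0.113.5 port 50214 ssh2
2016-09-17T10:05:00 srv1 sshd[1300]: Accepted publickey for alice from 198.51.100.7 port 4010 ssh2
"""

# Constructed web access log (Common Log Format); a 401 is an auth failure.
WEB_LOG = """\
203.0.113.5 - - [17/Sep/2016:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 401 512
198.51.100.7 - - [17/Sep/2016:10:04:30 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
WEB_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def normalize_sshd(line):
    """Map one sshd line onto the common event schema, or None if unparsable."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
            "source": "sshd", "host": m["host"], "src_ip": m["src"],
            "user": m["user"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure"}


def normalize_web(line):
    """Map one access-log line onto the common schema; 401/403 count as failures."""
    m = WEB_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    return {"ts": ts, "source": "web", "host": "web1", "src_ip": m["src"],
            "user": None,
            "outcome": "failure" if int(m["status"]) in (401, 403) else "success"}


SOURCES = [("sshd", SSHD_LOG, normalize_sshd), ("web", WEB_LOG, normalize_web)]


def collect(sources):
    """Parse every line from every source into one time-ordered event list."""
    events = []
    for _name, text, parser in sources:
        for line in text.splitlines():
            ev = parser(line)
            if ev:
                events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, threshold=4, window=timedelta(minutes=5)):
    """Rule: >= threshold failures from one source IP (any log source) inside
    the window, followed by a success from that IP, raises one alert."""
    failures = defaultdict(list)          # src_ip -> [(ts, source), ...]
    alerts = []
    for ev in events:
        ip = ev["src_ip"]
        # Drop failures that have aged out of the sliding window.
        failures[ip] = [(t, s) for t, s in failures[ip] if ev["ts"] - t <= window]
        if ev["outcome"] == "failure":
            failures[ip].append((ev["ts"], ev["source"]))
        elif len(failures[ip]) >= threshold:
            alerts.append({"src_ip": ip, "failures": len(failures[ip]),
                           "sources": sorted({s for _, s in failures[ip]}),
                           "first_failure": failures[ip][0][0],
                           "success_at": ev["ts"], "user": ev["user"]})
            failures[ip].clear()
    return alerts


def summarize(events):
    """Per-source outcome counts: the raw material for a management report."""
    report = defaultdict(lambda: {"success": 0, "failure": 0})
    for ev in events:
        report[ev["source"]][ev["outcome"]] += 1
    return dict(report)


if __name__ == "__main__":
    evs = collect(SOURCES)
    for a in correlate(evs):
        print("ALERT", a)
    print("SUMMARY", summarize(evs))
```

Running the script prints one alert for 203.0.113.5 attributed to both the sshd and web sources, plus the per-source summary. A real deployment would replace the inline strings with agents or syslog receivers and the single rule with a tuned rule set, which is exactly the tuning the essay says every SIEM process needs.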