Contributing Writer, CSO
Evolving beyond its log-management roots, today’s security information and event management (SIEM) software vendors are introducing machine learning, advanced statistical analysis and other analytic methods to their products.
What is SIEM software?
Security information and event management (SIEM) software gives enterprise security professionals both insight into and a track record of the activities within their IT environment.
SIEM technology has been in existence for more than a decade, initially evolving from the log management discipline. It combined security event management (SEM) – which analyzes log and event data in real time to provide threat monitoring, event correlation and incident response – with security information management (SIM) which collects, analyzes and reports on log data.
How SIEM works
SIEM software collects and aggregates log data generated throughout the organization’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters.
The software then identifies, categorizes and analyzes incidents and events. It serves two main objectives:
- to provide reports on security-related incidents and events, such as successful and failed logins, malware activity and other possibly malicious activity, and
- to send alerts when analysis shows that an activity violates a predetermined ruleset and thus indicates a potential security issue.
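As an added illustration of the collect, normalize, correlate and alert loop described above (example code written for this article, not taken from any SIEM product), the following Python parses a few constructed sshd log lines into events and applies two rules: a burst of failed logins from one source address, and a successful login from that address shortly after such a burst. The syslog-style line format, the year (syslog lines carry none), the threshold and the time window are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data); a syslog-style sshd format is assumed.
SAMPLE_LOGS = """\
Mar 10 09:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 4410 ssh2
Mar 10 09:00:05 web1 sshd[1202]: Failed password for root from 203.0.113.7 port 4412 ssh2
Mar 10 09:00:09 web1 sshd[1203]: Failed password for admin from 203.0.113.7 port 4415 ssh2
Mar 10 09:00:14 web1 sshd[1204]: Failed password for root from 203.0.113.7 port 4418 ssh2
Mar 10 09:00:20 web1 sshd[1205]: Accepted password for root from 203.0.113.7 port 4420 ssh2
Mar 10 09:03:00 web1 sshd[1210]: Failed password for alice from 198.51.100.4 port 5001 ssh2
Mar 10 09:45:00 web1 sshd[1230]: Accepted password for alice from 198.51.100.4 port 5002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)

def parse_line(line, year=2024):
    """Normalize one raw sshd line into an event dict; None if it is not a login event.
    The year is assumed because syslog timestamps do not carry one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"], "src": m["src"],
            "outcome": "failure" if m["outcome"] == "Failed" else "success"}

def correlate(lines, threshold=3, window=timedelta(minutes=1)):
    """Apply two rules per source address over a sliding window and return alerts as
    (rule, source, timestamp) tuples. Threshold and window are assumed values."""
    events = sorted(filter(None, (parse_line(line) for line in lines)), key=lambda e: e["ts"])
    failures = defaultdict(list)   # source -> timestamps of recent failed logins
    alerts = []
    for e in events:
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        if e["outcome"] == "failure":
            recent.append(e["ts"])
            if len(recent) == threshold:   # fire once when the threshold is crossed
                alerts.append(("brute_force_attempt", e["src"], e["ts"]))
        elif len(recent) >= threshold:     # success right after a burst of failures
            alerts.append(("success_after_failures", e["src"], e["ts"]))
        failures[e["src"]] = recent
    return alerts
```

The lone failure from 198.51.100.4 followed by a success 42 minutes later raises nothing, which shows why the window matters as much as the threshold.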
Enterprise need for better compliance management drove much of the early adoption of this technology, says Paula Musich, research director at Enterprise Management Associates (EMA), a market research and consulting firm based in Boulder, Colo.
“Auditors needed a way to look at whether compliance was being met or not, and SIEM provided the monitoring and reporting necessary to meet mandates like HIPAA, SOX and PCI DSS,” she says, referring to the Health Insurance Portability and Accountability Act, the Sarbanes–Oxley Act and the Payment Card Industry Data Security Standard.
However, experts say enterprise demand for greater security measures has driven more of the SIEM market in recent years.