
Security Information Event Management

Overview

In simple terms, Security Information and Event Management (SIEM) is a solution that provides real-time analysis of security alerts generated by network hardware and applications, enabling a business to respond more quickly to attacks, to retain security log data and to produce reports for compliance regulations. SIEM technology is generally made up of the four major elements listed below:

  • Central log and event collation
  • Event reduction process
  • Prioritised alerting
  • Management and real time reporting

SIEM products automatically analyse logs from a wide variety of sources and are vendor agnostic with respect to the source events. Any device in an endpoint/server/LAN/WAN deployment can create events; these events are collated at the central SIEM and processed in several ways, typically normalised into a common schema, reduced, correlated and reported on.

A high level of visibility and analysis is now paramount for many businesses, where security events, logs, network context, vulnerability and identity data have to be viewed, understood and acted upon as part of a proactive security posture. SIEM solutions can be configured to detect threats, network behaviour, network anomalies, performance anomalies, device failure and policy violations.
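The four elements above, worked through as an added example (not SecureData's code or any vendor's product): events from two differently formatted, constructed sources (an sshd auth log and a firewall log) are normalised into one vendor-agnostic schema, reduced, correlated into prioritised alerts and summarised for a report. The log lines, the common schema, the failure threshold and the severity rules are all assumptions made for the illustration.

```python
"""Minimal SIEM-style pipeline: collation, reduction, prioritised alerting, reporting.
Added example; not SecureData's or any vendor's code. All log lines, thresholds and
the event schema below are constructed for illustration."""
import re
from collections import Counter

# Constructed sample input: a Linux sshd auth log and a firewall log, each in its own
# native format, as a central SIEM would receive them from different vendors.
AUTH_LOG = """\
Mar 10 09:12:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50211 ssh2
Mar 10 09:12:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50212 ssh2
Mar 10 09:12:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50213 ssh2
Mar 10 09:12:08 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50214 ssh2
Mar 10 09:12:11 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 50215 ssh2
Mar 10 09:13:00 web01 sshd[2215]: Failed password for alice from 198.51.100.4 port 40001 ssh2
"""
FW_LOG = """\
2024-03-10T09:11:58Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp
2024-03-10T09:11:59Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp
2024-03-10T09:11:59Z fw01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp
2024-03-10T09:20:00Z fw01 action=deny src=192.0.2.9 dst=10.0.0.5 dport=3389 proto=tcp
"""

SSHD_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def collate(auth_log, fw_log):
    """Element 1, central collation: parse each source's native format into one
    assumed common schema (source, host, src_ip, event_type, detail)."""
    events = []
    for line in auth_log.splitlines():
        m = SSHD_RE.match(line)
        if m:
            etype = "auth_failure" if m["outcome"] == "Failed" else "auth_success"
            events.append({"source": "sshd", "host": m["host"], "src_ip": m["src"],
                           "event_type": etype, "detail": m["user"]})
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if m:
            etype = "fw_deny" if m["action"] == "deny" else "fw_allow"
            events.append({"source": "firewall", "host": m["host"], "src_ip": m["src"],
                           "event_type": etype, "detail": f"{m['dst']}:{m['dport']}"})
    return events


def reduce_events(events):
    """Element 2, event reduction: collapse identical (src_ip, event_type, detail)
    tuples into one record carrying a count, so four failed root logins become one row."""
    counts = Counter((e["src_ip"], e["event_type"], e["detail"]) for e in events)
    return [{"src_ip": k[0], "event_type": k[1], "detail": k[2], "count": n}
            for k, n in counts.items()]


def alerts(events, fail_threshold=3):
    """Element 3, prioritised alerting by cross-source correlation (rules are assumed):
    HIGH   = at least fail_threshold failed logins from one source IP followed by a
             success from the same IP (a brute force that likely worked);
    MEDIUM = threshold reached with no success.
    Each alert also records whether the firewall independently logged denies from
    that IP, which corroborates the sshd view with a second source."""
    fails, success, fw_denies = Counter(), set(), set()
    for e in events:
        if e["event_type"] == "auth_failure":
            fails[e["src_ip"]] += 1
        elif e["event_type"] == "auth_success":
            success.add(e["src_ip"])
        elif e["event_type"] == "fw_deny":
            fw_denies.add(e["src_ip"])
    out = []
    for ip, n in fails.items():
        if n < fail_threshold:
            continue  # below threshold: stays a reduced event, never becomes an alert
        out.append({"severity": "HIGH" if ip in success else "MEDIUM", "src_ip": ip,
                    "failures": n, "followed_by_success": ip in success,
                    "corroborated_by_firewall": ip in fw_denies})
    # Prioritise: HIGH before MEDIUM, then by number of failures, descending.
    return sorted(out, key=lambda a: (a["severity"] != "HIGH", -a["failures"]))


def report(events, alert_list):
    """Element 4, management reporting: event totals per source and alert counts per
    severity, the kind of summary a dashboard or compliance report would carry."""
    return {"events_by_source": dict(Counter(e["source"] for e in events)),
            "alerts_by_severity": dict(Counter(a["severity"] for a in alert_list))}


if __name__ == "__main__":
    ev = collate(AUTH_LOG, FW_LOG)
    for a in alerts(ev):
        print(a)
    print(report(ev, alerts(ev)))
```

Ten raw events reduce to six rows, and only the source that crossed the failure threshold and then authenticated successfully produces an alert, flagged HIGH because the firewall log corroborates it. The point a practitioner should take from this is that the value of the correlation comes from the vendor-agnostic normalisation in the first step; without a common schema the sshd and firewall views of the same source IP could not be joined.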

Market Trends

SIEM technology has been around for a considerable length of time. Many larger businesses and global organisations have depended upon these systems to manage events from a large number of sites and a wide variety of products. Businesses have for a long time had installations of technologies in the following areas:

  • Perimeter security
  • Vulnerability testing and management
  • Intrusion detection and prevention
  • Data loss prevention
  • Anti-spam and anti-virus
  • Web filtering and border gateway monitoring
  • Host log monitoring

The systems above in their own right can produce a huge number of events and almost dictate that SIEM solutions are a requirement rather than a ‘nice to have’.

Current market trends have shifted in the firewall space: many of the leading vendors whose firewalls traditionally performed only firewall functions now offer Unified Threat Management (UTM) or Next Generation features which incorporate a number of the technology areas listed above. SIEM has therefore become a valid technology to deploy in any size of 'multi-site' or 'multi-vendor' environment where visibility of all events in 'one pane of glass', together with an overview of security performance, is required.

Solution Benefits

SIEM solutions have a significant impact on a number of areas of LAN/WAN management, and there are many associated benefits:

  • Helps in changing operational support from a 'reactive' to a 'proactive' model by providing a consolidated view of security and network infrastructure
  • Forms part of the solution for many regulatory compliance requirements for logging and monitoring including PCI-DSS, SOX, ISO 27001 and HIPAA
  • Increased visibility of log and event information across the entire estate
  • Increased and consolidated network wide management reporting
  • Decreased time to detect alerts and events
  • Additional correlated information regarding alerts is available to operations staff resulting in decreased time to resolution
  • Maximising effectiveness of the existing estate security and infrastructure devices
  • Lowering operational overheads on network wide security and risk management
  • Lowering total cost of ownership of existing security and network systems

Why SecureData?

SecureData is the largest independent security service provider in the UK and offers a wide range of technologies and services. We have worked with Security Information and Event Management technology for many years; in the early days this was mainly log management, and we have seen it transform into the SIEM technology available today. Through extensive and continuous research of this market we are able to offer a variety of technologies to suit your requirements. The technologies we offer are seen as 'best of breed' within the security market and have been selected not only for the features they offer but also for the vendors' commercial offerings, their ability to provide global support, and their ability to add new features and support future trends. We invest time not only in choosing the correct technologies for our portfolio, but also in sales and technical training, so that we can supply the correct technology for your requirements and also offer professional services for implementation and training, backed up by a supported, monitored or managed service. We hold the highest levels of technical and commercial accreditation with all the vendors in our product portfolio.