Hello,
Could you please explain to me what the difference is between security information and event management?
Best Regards,
Marco
@Marco-Salameh great question. SIEM systems bring large amounts of security-related information into a single interface. Consolidation of this information allows security teams to have real-time (and/or near real-time) visibility of security systems and their current state. Security information and event management are a part of the same system. For instance, let's tackle security information first: we need to be able to identify current CVEs (Common Vulnerabilities and Exposures) out there? Off the top of my head I do not know, but if we had this "security information" we would be informed:
But we might not have systems that are affected by every vulnerability in the wild, so how do we find out about the CVEs that do affect our systems? Here is another benefit of a SIEM: we can add the systems we do have and find out information such as CVEs and CVSS (Common Vulnerability Score System), which categorizes these vulnerabilities based on a severity level. How about the event management side of the technology? Well, we can add sensors to the systems we have, and when an "event" or "security violation" occurs, we are made aware of it through alerts. We can go a step farther and add automated responses/countermeasures/controls to mitigate the damage of the events (the management side of the SIEM). A SIEM is/are a very powerful system(s) to manage security systems across large enterprise environments. I hope this helps.
Best Regards,
Wes Bryan
Knowledge is a road to be traveled upon, not a destination to be reached~~
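An added illustration of the two halves described in the answer above (not part of the original post and not any SIEM product's code): the first function matches advisories against the systems actually in the inventory and rates them by CVSS score, the second turns raw events into alerts. The advisory IDs, host names, events and the threshold of 3 are constructed placeholders.

```python
from collections import Counter

# Constructed sample data: placeholder advisory IDs, not real CVEs.
ADVISORIES = [
    {"id": "CVE-EXAMPLE-0001", "product": "nginx", "cvss": 9.8},
    {"id": "CVE-EXAMPLE-0002", "product": "openssh", "cvss": 5.3},
    {"id": "CVE-EXAMPLE-0003", "product": "iis", "cvss": 7.5},
]
INVENTORY = {"web01": ["nginx", "openssh"], "db01": ["postgresql", "openssh"]}
EVENTS = [  # (host, event type, source address), all constructed
    ("web01", "login_failed", "198.51.100.7"),
    ("web01", "login_failed", "198.51.100.7"),
    ("db01", "login_failed", "203.0.113.9"),
    ("web01", "login_failed", "198.51.100.7"),
    ("web01", "login_ok", "198.51.100.7"),
]

def severity(score):
    """Map a CVSS v3.x base score to its qualitative rating."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"

def relevant_advisories(inventory, advisories):
    """Security information: keep only advisories for products we run."""
    findings = []
    for host, products in sorted(inventory.items()):
        for adv in advisories:
            if adv["product"] in products:
                findings.append((host, adv["id"], severity(adv["cvss"])))
    return findings

def alerts(events, threshold=3):
    """Event management: alert on repeated failed logins from one source."""
    counts = Counter((host, src) for host, kind, src in events
                     if kind == "login_failed")
    return sorted(f"ALERT {host}: {n} failed logins from {src}"
                  for (host, src), n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for finding in relevant_advisories(INVENTORY, ADVISORIES):
        print(finding)
    for alert in alerts(EVENTS):
        print(alert)
```

The advisory for a product that is not in the inventory never shows up in the findings, which is the filtering the answer describes.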
@wes-bryan
I do thank you for your reply. It is clear.
Best Regards,
Marco