6 Things You Should Know About Choosing a SIEM Solution

So many names. It always reminds me of the line from The Devil’s Advocate when Pacino says “Oh, I have so many names.” Security Information Management, Security Information and Event Management, SIM, SIEM, Log Management, Log Aggregation. If you really like to use buzzwords you could call this Big Data for Security.

This technology can be great. If implemented correctly you can find security and fault management issues in your environment as they are happening, rather than trying to figure out hours or months later whether something happened, which is usually the case if it is noticed at all. If you are not familiar with the technology, the basic concept is to configure all networked elements to forward events to the SIM. This allows you to:

  • Centralize events – if everything is in one place it’s much easier to search for something.
  • Normalize events – if the format of the events is the same we can actually search for things.
  • Search events – perhaps everything for a period of time or for an IP address or username.
  • Report on events – provide executive summaries on security and fault issues on a regular basis.
  • Correlate events – configure some logic so that if certain events happen within a specified period of time an alert of some sort can be generated.
Keep reading for the 6 factors that will make sure your SIM project is a success.
