Security Event and Incident Management (SEIM) refers to cyber security products and services that provide real-time analysis, monitoring, and alerting on security logs generated by applications, hosts, and network devices. SEIM solutions do this by collecting these disparate logs, normalizing the data, and running the log entries through complicated algorithms that tease out interesting patterns of behavior that require human research and confirmation. SEIM solutions are purchased as software, appliance, or managed service solutions.
An additional benefit of these products is the forensic trail they create by logging cyber security data to a non-rewritable database which can generate compliance reports.
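The collect, normalize and correlate steps described above, as an added example that is not taken from any SEIM product: two constructed log sources are mapped onto one schema, and a rule flags a successful login that follows repeated failures from the same address. The log formats, field names, threshold and time window are assumptions chosen for illustration.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample lines from a host (sshd) and an application (JSON web log).
RAW_LOGS = [
    ("sshd", "2024-05-01T10:00:01 host1 sshd[411]: Failed password for admin from 203.0.113.7 port 50122 ssh2"),
    ("sshd", "2024-05-01T10:00:04 host1 sshd[411]: Failed password for admin from 203.0.113.7 port 50123 ssh2"),
    ("webapp", '{"time": "2024-05-01T10:00:09", "event": "login", "ok": false, "user": "admin", "ip": "203.0.113.7"}'),
    ("webapp", '{"time": "2024-05-01T10:00:15", "event": "login", "ok": true, "user": "admin", "ip": "203.0.113.7"}'),
    ("sshd", "2024-05-01T10:03:00 host1 sshd[502]: Accepted password for alice from 198.51.100.20 port 40000 ssh2"),
]
SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(source, line):
    """Map one source-specific line onto a common schema; None if it is not an auth event."""
    if source == "sshd":
        m = SSHD_RE.match(line)
        if not m:
            return None
        ts, verdict, user, ip = m.groups()
        outcome = "success" if verdict == "Accepted" else "failure"
    elif source == "webapp":
        rec = json.loads(line)
        if rec.get("event") != "login":
            return None
        ts, user, ip = rec["time"], rec["user"], rec["ip"]
        outcome = "success" if rec["ok"] else "failure"
    else:
        return None  # unknown source: no parser registered
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "user": user, "src_ip": ip, "outcome": outcome}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on a success preceded by >= threshold failures from the same IP in the window."""
    alerts, failures = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures.get(ev["src_ip"], []) if ev["ts"] - t <= window]
        if ev["outcome"] == "failure":
            failures[ev["src_ip"]] = recent + [ev["ts"]]
        elif len(recent) >= threshold:
            alerts.append({"src_ip": ev["src_ip"], "user": ev["user"],
                           "failures": len(recent), "at": ev["ts"]})
            failures[ev["src_ip"]] = []
    return alerts

def run(raw=RAW_LOGS):
    events = [e for e in (normalize(s, l) for s, l in raw) if e]
    return events, correlate(events)

if __name__ == "__main__":
    for alert in run()[1]:
        print(alert)  # one alert, left for an analyst to research and confirm
```

Neither source reaches the threshold on its own (two sshd failures, one web failure); the alert only appears once both are normalized into the same schema.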
Related Terms: Security Operations, Security Operations Center (SOC)
Source: “SIEM: A Market Snapshot”
SIEM services operated by an SMB for themselves are often too costly to implement. However, new service providers known as Managed Security Service Providers (MSSPs) are gaining traction in the largest SMBs (SMBs in heavily regulated industries such as defense contractors). If you are obligated to perform this monitoring as part of compliance with DFARS, ITAR, or even the newest CMMC requirements, you might consider looking into some of the MSSP vendors out there.
Additional Reading: Managed Security Service Providers Wiki