Security Event and Incident Management (SEIM) refers to cyber security products and services that provide real time analysis, monitoring, and alerting on security logs and generated by applications, hosts, and network devices. SEIM solutions do this by collecting these disparate logs, normalizing the data, and running the logs entries through complicated algorithms that tease out interesting patterns of behaviors that require human research and confirmation. SEIM solutions are purchased as software, appliance, or managed services solutions.
An additional benefit of these products is the forensic trail they create by logging cyber security data to a non-rewritable database which can generate compliance reports.
Related Terms: Security Operations, Security Operations Center (SOC)
Source: “SIEM: A Market Snapshot”
SIEM services operated by an SMB for themselves are often too costly to implement. However, new service providers known as Managed Security Service Providers are gaining traction in the largest SMB’s (SMB’s in heavily regulated industries such as defense contractors). If you are obligated to perform this monitoring as part of compliance to DFARS, ITAR, or even the newest CMMC requirements, you might consider looking into some of the MSSP vendors out there.
Additional Reading: Managed Security Service Providers Wiki
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Remember Heartbleed? That security nightmare from a few years back that made everyone panic about their...
Read more
Remember 2020? We scanned QR codes for everything. Restaurant menus. Parking meters. That awkward moment at a...
Read more
Phishing emails used to be easy to spot. Bad grammar. Weird links. Obvious scams. Those days are...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
