Security Event and Incident Management (SEIM)

3rd January 2020 | Cybrary Security Event and Incident Management (SEIM)


Security Event and Incident Management (SEIM) refers to cyber security products and services that provide real-time analysis, monitoring, and alerting on security logs generated by applications, hosts, and network devices. SEIM solutions do this by collecting these disparate logs, normalizing the data, and running the log entries through complicated algorithms that tease out interesting patterns of behavior that require human research and confirmation. SEIM solutions are purchased as software, as an appliance, or as a managed service.

An additional benefit of these products is the forensic trail they create by logging cyber security data to a non-rewritable database, which can also be used to generate compliance reports.
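The collect, normalize, and correlate steps described above can be sketched in a few lines. This is an added example, not code from any SEIM product: the log lines are constructed and simplified, and the field names, threshold, and time window are assumptions chosen for illustration.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample logs from two sources with different formats.
SSHD_LINES = [
    "2020-01-03T10:00:01 host1 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "2020-01-03T10:00:05 host1 sshd[811]: Failed password for admin from 203.0.113.7 port 50124 ssh2",
    "2020-01-03T10:00:09 host1 sshd[811]: Failed password for root from 203.0.113.7 port 50130 ssh2",
    "2020-01-03T10:02:00 host1 sshd[902]: Accepted password for alice from 198.51.100.4 port 40000 ssh2",
]
APP_LINES = [
    '{"time": "2020-01-03T10:00:20", "event": "login", "ok": true, "user": "admin", "ip": "203.0.113.7"}',
    '{"time": "2020-01-03T10:05:00", "event": "login", "ok": false, "user": "bob", "ip": "198.51.100.9"}',
]
SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) ")

def normalize_sshd(line):
    m = SSHD_RE.match(line)
    if not m:
        return None  # unparsed line; a real pipeline would keep it for review
    ts, _host, verdict, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts), "source": "sshd", "user": user,
            "src_ip": ip, "outcome": "success" if verdict == "Accepted" else "failure"}

def normalize_app(line):
    rec = json.loads(line)
    return {"ts": datetime.fromisoformat(rec["time"]), "source": "webapp", "user": rec["user"],
            "src_ip": rec["ip"], "outcome": "success" if rec["ok"] else "failure"}

def collect():
    events = [normalize_sshd(l) for l in SSHD_LINES] + [normalize_app(l) for l in APP_LINES]
    return sorted((e for e in events if e), key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a success follows >= threshold failures from one src_ip within window."""
    alerts, failures = [], {}
    for e in events:
        recent = [t for t in failures.get(e["src_ip"], []) if e["ts"] - t <= window]
        if e["outcome"] == "failure":
            failures[e["src_ip"]] = recent + [e["ts"]]
        elif len(recent) >= threshold:
            alerts.append({"src_ip": e["src_ip"], "user": e["user"],
                           "failed_before": len(recent), "seen_in": e["source"]})
            failures[e["src_ip"]] = []  # reset after alerting to avoid duplicates
    return alerts

if __name__ == "__main__":
    print(correlate(collect()))
```

The single alert comes from three failed SSH logins followed by a successful web application login from the same address, a pattern that neither log shows on its own.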

Related Terms: Security Operations, Security Operations Center (SOC)

Source: “SIEM: A Market Snapshot”

What does this mean for an SMB?

SIEM services that an SMB operates for itself are often too costly to implement. However, new service providers known as Managed Security Service Providers (MSSPs) are gaining traction among the largest SMBs (SMBs in heavily regulated industries, such as defense contractors). If you are obligated to perform this monitoring as part of compliance with DFARS, ITAR, or even the newest CMMC requirements, you might consider looking into some of the MSSP vendors out there.

Additional Reading: Managed Security Service Providers Wiki
