Security Information and Event Management (SIEM) refers to cyber security products and services that provide real-time analysis, monitoring, and alerting on security logs generated by applications, hosts, and network devices. SIEM solutions do this by collecting these disparate logs, normalizing the data into a common schema, and running the log entries through correlation rules and analytics that surface patterns of behavior which then require human investigation and confirmation. SIEM solutions are purchased as software, appliances, or managed services.
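As an added illustration of the collect, normalize, correlate loop described above (example code written for this page, not any product's own logic), the script below parses two constructed log formats, an OpenSSH syslog line and a Windows logon event rendered as key=value text, into one schema, then runs a single correlation rule over the merged stream: three or more failed logons for the same user from the same source address, followed by a successful logon within two minutes. The log lines, the missing-year assumption for syslog, the two-minute window and the threshold of three are all assumptions made for the example; the Windows event IDs 4624 (logon success) and 4625 (logon failure) are real.

```python
"""Minimal SIEM pipeline: normalize disparate log formats, then correlate."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real captures. The last line has no parser and is dropped.
RAW_LOGS = [
    "Jun 12 10:01:02 bastion sshd[812]: Failed password for admin from 203.0.113.7 port 51812 ssh2",
    "Jun 12 10:01:05 bastion sshd[812]: Failed password for admin from 203.0.113.7 port 51813 ssh2",
    "Jun 12 10:01:09 bastion sshd[812]: Failed password for admin from 203.0.113.7 port 51814 ssh2",
    "2024-06-12T10:01:20Z EventID=4625 Host=DC01 User=admin Source=203.0.113.7 Status=Failure",
    "2024-06-12T10:01:40Z EventID=4624 Host=DC01 User=admin Source=203.0.113.7 Status=Success",
    "Jun 12 10:02:00 bastion sshd[813]: Accepted password for alice from 198.51.100.9 port 40000 ssh2",
    "Jun 12 10:02:30 bastion CRON[900]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Syslog lines carry no year; a real collector supplies it. Assumed here.
SYSLOG_YEAR = 2024

SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)
WINLOGON_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) EventID=(?P<eid>4624|4625) "
    r"Host=(?P<host>\S+) User=(?P<user>\S+) Source=(?P<ip>\S+)"
)


def normalize(line):
    """Map one raw line onto a common schema; return None if no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                "source": "sshd"}
    m = WINLOGON_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "outcome": "success" if m["eid"] == "4624" else "failure",
                "source": "windows"}
    return None


def normalize_all(lines):
    """Return (events, dropped). Dropped lines are kept so parser gaps are visible."""
    events, dropped = [], []
    for line in lines:
        ev = normalize(line)
        (events if ev else dropped).append(ev if ev else line)
    return events, dropped


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Flag a success preceded by >= threshold failures for the same (src_ip, user)
    inside the window. Events are sorted first so out-of-order delivery is tolerated."""
    alerts = []
    failures = defaultdict(list)  # (src_ip, user) -> failed-logon events
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src_ip"], ev["user"])
        if ev["outcome"] == "failure":
            failures[key].append(ev)
            continue
        recent = [f for f in failures[key] if ev["ts"] - f["ts"] <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "src_ip": ev["src_ip"], "user": ev["user"],
                "failures": len(recent),
                "first_failure": recent[0]["ts"], "success_at": ev["ts"],
                # Which log sources contributed: the point of normalizing first.
                "sources": sorted({f["source"] for f in recent} | {ev["source"]}),
            })
        failures[key].clear()  # reset the counter once a success has been judged
    return alerts


if __name__ == "__main__":
    evs, bad = normalize_all(RAW_LOGS)
    print(f"normalized {len(evs)} events, dropped {len(bad)} unparsed lines")
    for alert in correlate(evs):
        print(alert)
```

The alert in this run spans both the sshd and the Windows source, which neither log would show on its own; that cross-source view is what the normalization step buys. The dropped-line list matters in practice too: a parser that silently discards what it cannot read is a blind spot, not a filter.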
An additional benefit of these products is the forensic trail they create by writing security event data to a write-once (non-rewritable) store, from which compliance reports can be generated. That trail is only as good as the integrity and retention of the store behind it, so both belong in the evaluation criteria.
Related Terms: Security Operations, Security Operations Center (SOC)
Source: “SIEM: A Market Snapshot”
What does this mean for an SMB?
A SIEM operated by an SMB for itself is often too costly to implement. However, service providers known as Managed Security Service Providers (MSSPs) are gaining traction among the largest SMBs (those in heavily regulated industries, such as defense contractors). If you are obligated to perform this monitoring as part of compliance with DFARS, ITAR, or the newer CMMC requirements, you might consider looking into some of the MSSP vendors out there.
Additional Reading: Managed Security Service Providers Wiki