What?

What is SIEM?

SIEM stands for Security Information and Event Management.

SIEM is a log management solution that aims to gather log information from as many sources as possible in order to create an overview.

SIEM solutions can be configured to collect log data from both hardware and software, and in this way keep track of what happened, when and where, and what data was accessed. This may be log information from a web server, a firewall and a switch. Gathering it in one place makes it more manageable to take decisions about a possible attack, or to keep track of a possible attack on the company's website, and might reveal it before the attacker does damage.

Why?

Why is a SIEM solution necessary?

A SIEM solution is a good way to create a quick overview of what is happening on your servers, applications and hardware by collecting log information from all of them in one place and making it searchable.

A really good SIEM solution that analyzes the log data in real time can help to detect an attack in time, thus stopping a potential data loss.

 

How?

How does a SIEM solution work?

A SIEM solution works by collecting all the log information from the different log sources and converting it into a common log format, and then indexing this data.

A good SIEM solution will also look for known attack patterns in the logs and, based on these, raise an alarm so the personnel responsible for security can take action on an attack before the attacker does any harm to the company's data.
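The collect, normalize, index and alert steps described above, as an added example that is not taken from any particular SIEM product. The log lines are constructed, and the field names and the alert rule (an IP the firewall denied that also produces three failed web logins within a minute) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not real logs.
WEB_LOGS = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 512',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /login HTTP/1.1" 401 512',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 512',
    '198.51.100.20 - - [12/Mar/2024:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 1043',
]
FW_LOGS = [
    "2024-03-12T09:59:58+00:00 action=deny src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2024-03-12T10:00:02+00:00 action=allow src=198.51.100.20 dst=192.0.2.10 dport=443",
]
WEB_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def normalize_web(line):
    """Web access log line -> common event format (None if unparseable)."""
    m = WEB_RE.match(line)
    if not m:
        return None
    ip, ts, status = m.groups()
    return {"ts": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), "source": "web",
            "src_ip": ip, "event": "auth_fail" if status == "401" else "request"}

def normalize_fw(line):
    """Firewall key=value line -> common event format (None if src/action missing)."""
    ts, _, rest = line.partition(" ")
    kv = dict(p.split("=", 1) for p in rest.split() if "=" in p)
    if not {"src", "action"} <= kv.keys():
        return None
    return {"ts": datetime.fromisoformat(ts), "source": "firewall",
            "src_ip": kv["src"], "event": "fw_" + kv["action"]}

def build_index(web, fw):
    """Index normalized events by source IP so they can be searched together."""
    index = defaultdict(list)
    events = [normalize_web(l) for l in web] + [normalize_fw(l) for l in fw]
    for ev in filter(None, events):
        index[ev["src_ip"]].append(ev)
    return index

def detect(index, threshold=3, window=timedelta(minutes=1)):
    """Alert on IPs with a firewall deny plus `threshold` auth failures in `window`."""
    alerts = []
    for ip, evs in index.items():
        fails = sorted(e["ts"] for e in evs if e["event"] == "auth_fail")
        denied = any(e["event"] == "fw_deny" for e in evs)
        burst = any(fails[i + threshold - 1] - fails[i] <= window
                    for i in range(len(fails) - threshold + 1))
        if denied and burst:
            alerts.append(ip)
    return alerts
```

Neither log source triggers the rule on its own; the alert only appears once both are normalized into the same format and indexed together.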

Who?

Who should use a SIEM solution?

Any company with several servers, services and hardware solutions should look at a SIEM solution to get a central overview of what is happening on these.

If a company wants to protect its data, it should consider a good SIEM solution to help protect that data, and with it its customers and its revenue.

Today a good SIEM solution is able to track a user's movement through the entire company, whether this is through IT, logging into a computer and from that accessing another computer, or through physical checkpoints with access cards. It can show this user's movements in an easy way with the relevant information, and raise an alarm if this user is trying to gain access to information he or she should not have access to.

Here is a list of some SIEM solutions:
