Understanding SIEM
Security Incident and Event Management (SIEM) is a process that helps cyber security implementation by gathering security-related information (network and application logs for example) at a centralized location or tags those information assets at the edge (the location where the data is generated in the case of IoT) and uses this information for identification of anomalies which indicates breaches to the security infrastructure of an enterprise.
The SIEM also facilitates continuous monitoring of the security infrastructure by providing intuitive visualization dashboards. SIEM as a process is implemented as a suite of software which is governed by enterprise security with role-based access control. The common characteristic features of the SIEM system are depicted in the following diagram:
Figure 11.9 Features of the SIEM system
The SIEM software application needs to support the basic building blocks as follows:
- Data Collection: The SIEM software should support a variety of...