Security Information and Event Management
SIEM, or Security Information and Event Management, has been mentioned a few times in the earlier sections and is gaining tremendous traction in security monitoring as the central intelligence of security operations. The primary benefit of a SIEM is its ability to assimilate security and log data from disparate systems, analyze it all, and provide correlated output to security analysts.
Up to this point, disparate systems and their unique monitoring capabilities have been discussed, but each of those is a single-source, incomplete view of the complete flow of traffic as it traverses a network. A firewall, for instance, only inspects what is coming and going at the edge of the network, but has no cognizance of actions taken on a system for traffic permitted by policy. The SIEM solution (provided all logs are forwarded to it) will have a complete view of not only the permitted firewall traffic, if logged, but also what actions were taken on the target...
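To make the firewall-versus-SIEM contrast concrete, here is an added example of the kind of correlation a SIEM performs; it is not code from the original text or from any SIEM product. It joins constructed firewall "permit" records with constructed host authentication records from the target, keyed on source and destination address within a short time window, so that an allowed connection that the firewall alone would consider uninteresting is flagged once the host logs show a burst of failed logins followed by a success from the same source. All log lines, addresses, field names and thresholds are constructed for the illustration.

```python
"""Toy SIEM-style correlation: firewall permit flows joined with host auth events.

Added example, not from the original page. Log formats, addresses and
field names are constructed for the illustration.
"""
from datetime import datetime, timedelta

# Constructed firewall logs: one key=value record per flow decision.
FIREWALL_LOGS = [
    "ts=2024-05-01T10:00:05 action=permit src=203.0.113.7 dst=10.0.0.5 dport=22",
    "ts=2024-05-01T10:00:09 action=deny   src=203.0.113.7 dst=10.0.0.9 dport=3389",
    "ts=2024-05-01T10:02:00 action=permit src=198.51.100.4 dst=10.0.0.5 dport=443",
]

# Constructed host logs from the target 10.0.0.5 (authentication events).
HOST_LOGS = [
    "ts=2024-05-01T10:00:06 host=10.0.0.5 event=auth_fail user=root src=203.0.113.7",
    "ts=2024-05-01T10:00:07 host=10.0.0.5 event=auth_fail user=admin src=203.0.113.7",
    "ts=2024-05-01T10:00:08 host=10.0.0.5 event=auth_fail user=backup src=203.0.113.7",
    "ts=2024-05-01T10:00:12 host=10.0.0.5 event=auth_success user=svc src=203.0.113.7",
    "ts=2024-05-01T10:02:03 host=10.0.0.5 event=auth_success user=alice src=198.51.100.4",
]


def parse_kv(line):
    """Parse a 'key=value key=value' log line into a dict; 'ts' becomes a datetime."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def correlate(fw_lines, host_lines, window=timedelta(seconds=30), fail_threshold=3):
    """Join permitted firewall flows with host events on the same target.

    For each permitted flow, gather host events on the destination host that
    come from the same source within `window` after the flow was logged.
    A flow is flagged when the host recorded at least `fail_threshold`
    authentication failures and then a success. The firewall alone sees an
    allowed connection; the host alone sees logins; only the joined view
    describes a likely successful credential-guessing attempt.
    """
    flows = [parse_kv(line) for line in fw_lines]
    events = [parse_kv(line) for line in host_lines]
    findings = []
    for flow in flows:
        if flow["action"] != "permit":
            continue  # denied traffic never reached the host; nothing to join
        related = [
            e for e in events
            if e["host"] == flow["dst"] and e["src"] == flow["src"]
            and flow["ts"] <= e["ts"] <= flow["ts"] + window
        ]
        fails = [e for e in related if e["event"] == "auth_fail"]
        successes = [e for e in related if e["event"] == "auth_success"]
        if (len(fails) >= fail_threshold and successes
                and max(f["ts"] for f in fails) < min(s["ts"] for s in successes)):
            findings.append({
                "src": flow["src"],
                "dst": flow["dst"],
                "dport": flow["dport"],
                "failures": len(fails),
                "success_user": min(successes, key=lambda s: s["ts"])["user"],
                "first_seen": flow["ts"].isoformat(),
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(FIREWALL_LOGS, HOST_LOGS):
        print(finding)
```

Run stand-alone, the script reports one finding: the permitted SSH flow from 203.0.113.7 to 10.0.0.5, with three failures and a success for user `svc`. The 443 flow from 198.51.100.4 is also permitted but produces nothing, because the host saw a single successful login and no failures, which is the benign case the correlation is meant to leave alone.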