Sunday, May 30, 2010

SIEM for Compliance and Risk management

Security Information and Event Management (SIEM) technology is driven by the compliance and security needs of the enterprise. A second driver is monitoring the activity of the different applications, devices and software in use for internal and external threats and for fraud detection. The output of these technologies can be used to automate the IT work needed to meet compliance and risk management requirements.

Compliance management is served by the log management capability of SIEM technology, known as Security Information Management (SIM). It involves collecting logs from the various devices and applications in the enterprise to a central location, analyzing the log data, and generating reports that meet compliance requirements. Mapping the generated reports to the organization's IT procedures is a first step toward IT automation. Because SIM is compliance oriented, it is also the means of storing and archiving logs for later investigations and for data retention requirements. One caveat: a compliance report is only as complete as the log sources feeding it, so the report should also show which sources were actually collected over the period it covers.

Risk management is served by the real-time monitoring and incident management capability of SIEM technology, known as Security Event Management (SEM). It involves collecting events from the various devices and applications at short, scheduled intervals, correlating related events, applying filters where required, and generating alerts that can be monitored, analyzed and addressed within a short time. Correlation across different devices only works once their events have been normalized into common fields (timestamp, host, user, source address, outcome) and the devices' clocks agree; otherwise related events from two sources will not line up.
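The following is an added example, not code from the original post or from any SIEM product, showing the two halves described above in miniature: the SIM side (normalizing logs from two device types into common fields and producing a privileged-access compliance report, including per-source collection coverage) and the SEM side (a correlation rule with a filter step that raises alerts). The log lines are constructed for the example, the sshd and VPN line formats are assumed, and the brute-force thresholds are illustrative.

```python
"""Toy SIEM pipeline: normalise logs from two device types into common fields,
produce a compliance report (SIM) and run a correlation rule that raises alerts
(SEM). All sample log lines below are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs for two "devices": a Linux host's sshd and a VPN gateway.
SSHD_LOG = """\
2010-05-30T09:00:01 web01 sshd: Failed password for admin from 203.0.113.9 port 4411
2010-05-30T09:00:04 web01 sshd: Failed password for admin from 203.0.113.9 port 4412
2010-05-30T09:00:07 web01 sshd: Failed password for root from 203.0.113.9 port 4413
2010-05-30T09:00:09 web01 sshd: Failed password for admin from 203.0.113.9 port 4414
2010-05-30T09:00:12 web01 sshd: Failed password for admin from 203.0.113.9 port 4415
2010-05-30T09:00:20 web01 sshd: Accepted password for admin from 203.0.113.9 port 4416
2010-05-30T10:15:00 db01 sshd: Accepted publickey for root from 10.0.0.5 port 51000
2010-05-30T10:30:00 web01 sshd: Failed password for bob from 10.0.0.7 port 52000
"""
VPN_LOG = """\
2010-05-30T09:05:00 vpn01 vpn: user=alice src=198.51.100.4 result=OK
2010-05-30T09:06:00 vpn01 vpn: user=alice src=198.51.100.4 result=FAIL
2010-05-30T09:06:30 vpn01 vpn: user=root src=198.51.100.4 result=OK
"""

# Assumed line formats (hypothetical, simplified from what the real daemons emit).
SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
                     r"\w+ for (?P<user>\S+) from (?P<ip>\S+)")
VPN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) vpn: user=(?P<user>\S+) "
                    r"src=(?P<ip>\S+) result=(?P<result>\w+)$")
PARSERS = {  # source -> (pattern, function mapping the match to a common outcome)
    "sshd": (SSHD_RE, lambda m: "success" if m["outcome"] == "Accepted" else "failure"),
    "vpn": (VPN_RE, lambda m: "success" if m["result"] == "OK" else "failure"),
}
PRIVILEGED = {"root", "admin"}  # accounts the compliance report must list


def normalise(raw, source):
    """Parse one device's raw lines into the common event schema. Non-matching
    lines are skipped here; a real collector would count them as parse failures."""
    pattern, outcome_of = PARSERS[source]
    events = []
    for line in raw.splitlines():
        m = pattern.match(line.strip())
        if not m:
            continue
        events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
                       "source": source, "host": m["host"], "user": m["user"],
                       "src_ip": m["ip"], "outcome": outcome_of(m)})
    return events


def compliance_report(events):
    """SIM side: events per source (proves collection coverage for the period)
    and successful privileged logins per (host, account)."""
    per_source, priv_logins = defaultdict(int), defaultdict(int)
    for e in events:
        per_source[e["source"]] += 1
        if e["outcome"] == "success" and e["user"] in PRIVILEGED:
            priv_logins[(e["host"], e["user"])] += 1
    return {"events_per_source": dict(per_source), "privileged_logins": dict(priv_logins)}


def _alert(rule, severity, trigger, failures):
    return {"rule": rule, "severity": severity, "ts": trigger["ts"],
            "src_ip": trigger["src_ip"], "host": trigger["host"], "user": trigger["user"],
            "failures": len(failures), "users_tried": sorted({f["user"] for f in failures})}


def correlate_bruteforce(events, threshold=5, window=timedelta(seconds=60),
                         ignore_ips=frozenset()):
    """SEM side: per source IP, keep a sliding window of authentication failures.
    Reaching `threshold` failures inside `window` raises a low-severity alert; a
    success from the same IP while the window still holds `threshold` failures
    raises a high-severity one. `ignore_ips` is the filter step (e.g. an authorised
    scanner) applied before correlation. Events may come from different devices."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["src_ip"] not in ignore_ips:
            by_ip[e["src_ip"]].append(e)
    alerts = []
    for evs in by_ip.values():
        failures = []
        for e in evs:
            failures = [f for f in failures if e["ts"] - f["ts"] <= window]  # expire old ones
            if e["outcome"] == "failure":
                failures.append(e)
                if len(failures) == threshold:  # fires once, as the threshold is crossed
                    alerts.append(_alert("bruteforce_attempt", "low", e, failures))
            elif len(failures) >= threshold:
                alerts.append(_alert("bruteforce_success", "high", e, failures))
                failures = []  # incident raised; start a fresh window for this IP
    return alerts


def run(ignore_ips=frozenset()):
    events = normalise(SSHD_LOG, "sshd") + normalise(VPN_LOG, "vpn")
    return compliance_report(events), correlate_bruteforce(events, ignore_ips=ignore_ips)


if __name__ == "__main__":
    report, alerts = run()
    print("Compliance report:", report)
    for a in alerts:
        print(f"[{a['severity']}] {a['rule']} {a['ts']} {a['src_ip']} -> {a['host']} "
              f"user={a['user']} failures={a['failures']} tried={a['users_tried']}")
```

On the constructed data the report shows 8 sshd and 3 VPN events and three privileged logins, and the rule raises a low-severity alert when the fifth failure from 203.0.113.9 lands inside the window and a high-severity one when the same address then succeeds as admin. Passing that address in ignore_ips suppresses both, which is the filter step in action.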

Exploiting data mining and analytics capabilities to meet SIEM requirements is now the stated vision of some leading SIEM vendors. A SIEM technology that can scale, collect data from all applications, meet regulatory compliance reporting requirements, and improve threat management and incident response is clearly an essential factor in automating compliance and risk management in the enterprise, now and in the future.