What Is Security Information And Event Management (SIEM)?

December 2021 | Michael Wetherald

What is SIEM?

The purpose of Security Information and Event Management (SIEM) is to aggregate relevant security data from all available sources in order to quickly identify security events.

What are the benefits of a SIEM?

As your organization matures and begins to generate logs necessary to identify security issues, you will quickly run into the problem of having more logs than you can manually review. Two solutions for this problem are to either reduce the amount of logs generated to that which can be reviewed, or implement a SIEM which can intelligently analyze the fire hose of logs and generate a manageable amount of events to review manually.

What are the challenges involved with implementing a SIEM?

A common challenge with implementing security tools is reducing noise. Many out of the box configurations will begin alerting false positives. After enough of these alerts, whoever receives them will become accustomed to ignoring alerts which increases the risk of an actual security event not being addressed quickly.

The SIEM should be regularly adjusted to reduce noise, and more accurately identify security events which need review. But always remember the SIEM will miss information on its own, it's role is to assist your analysts in detecting actionable events.

What SIEM solution is right for you?

In addition to the time requirement of regularly tuning alerts, dedicating analysts to reviewing alerts and logs, SIEMs are often cost prohibitive for small businesses. If you have the manpower there are many fantastic enterprise grade tools available including Splunk, LogRhythm, SolarWinds Security Event Manager. SMBs also have the option of hiring MSSPs with trained staff who will review events, tune alerts, and reduce noise so your staff only needs to react to events which require action.

Conclusion

Logs contain the footsteps of hidden enemies working to compromise your environment. If these logs aren't deliberately generated and reviewed, you will be unaware when your prevention systems fail and your environment is compromised. Implementing a Security Information and Event Management (SIEM) is a great way to handle a large volume of logs being generated and set up automated alerts when those security incidents arise.

If your organization is read to implement a SIEM we’re here to help. Contact us today for a free consultation.