SIM, SEM or SIEM?
Correctly implemented Security Information & Event Management (SIEM) solutions contribute to a higher and more stable level of information security. No shocking news for the CIO. Less known, however, are the many specific applications from which each individual stakeholder can benefit. Think about the value that a SIEM could bring to compliance management, network operations, desktop operations, security operations, database operations et cetera.

SIM + SEM = SIEM

What are we talking about anyway? Security Information Management (SIM) focuses primarily on reporting and data analysis, mostly of log data from host systems and applications. Secondarily, SIM looks at log data from security components to better support policy compliance management, internal threat management and compliance with regulations such as PCI DSS, Sarbanes-Oxley, HIPAA, Basel II et cetera. SIM solutions are therefore best suited to supporting the activities of security, internal audit and compliance departments.

Security Event Management (SEM) mainly focuses on facilitating and improving the incident response process. To that end, SEM processes real-time log data from security, network and system components in order to provide near-real-time event management information to security operations. SEM helps operational IT security staff respond to both internal and external threats much faster and more effectively.

A full-blown SIEM solution obviously combines the SIM and SEM functionality and deliverables, potentially reaching out to all relevant stakeholders. However, there is a bit of a problem with traditional SIEM solutions that started to become real back in 2008. Please do read further...
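To make the SIM/SEM split concrete, here is an added illustration (not code from the original article) that runs the same constructed authentication log lines through both modes: a retrospective per-user access report of the kind SIM produces for audit and compliance review, and an event-by-event correlation rule of the kind SEM uses to raise a near-real-time alert for security operations. The log format, field names and threshold are assumptions chosen for the example.

```python
"""SIM versus SEM processing of one constructed SSH authentication log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample records for the example; not taken from any real system.
LOG_LINES = [
    "2023-03-01T08:00:01 host-a sshd user=alice result=FAIL",
    "2023-03-01T08:00:03 host-a sshd user=alice result=FAIL",
    "2023-03-01T08:00:04 host-a sshd user=alice result=FAIL",
    "2023-03-01T08:00:06 host-a sshd user=alice result=SUCCESS",
    "2023-03-01T09:15:00 host-b sshd user=bob result=SUCCESS",
    "2023-03-01T17:45:00 host-b sshd user=carol result=FAIL",
]
LINE_RE = re.compile(r"(\S+) (\S+) sshd user=(\S+) result=(\S+)")


def parse(line):
    """Normalise one raw line into the fields both SIM and SEM logic use."""
    ts, host, user, result = LINE_RE.match(line).groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user, "result": result}


def sim_report(lines):
    """SIM: retrospective aggregation over stored log data, producing the
    per-user success/failure summary an auditor or compliance team reviews."""
    report = defaultdict(lambda: {"success": 0, "fail": 0})
    for ev in map(parse, lines):
        report[ev["user"]]["success" if ev["result"] == "SUCCESS" else "fail"] += 1
    return dict(report)


def sem_alerts(lines, threshold=3, window=timedelta(seconds=60)):
    """SEM: correlate events as they arrive. Alert when a user accumulates
    `threshold` failures inside `window` and then succeeds, a pattern
    security operations would want to triage promptly."""
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for ev in map(parse, lines):
        q = recent[ev["user"]]
        while q and ev["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append((ev["user"], ev["host"], ev["ts"].isoformat()))
            q.clear()
    return alerts


if __name__ == "__main__":
    print("SIM report:", sim_report(LOG_LINES))
    print("SEM alerts:", sem_alerts(LOG_LINES))
```

The report answers "who logged in how often" after the fact, while the correlation rule fires the moment the fourth alice event arrives; the same normalised events feed both, which is the point of combining SIM and SEM in one SIEM.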