
Is SIEM Dead – or is SIEM being Transformed?

Saturday, November 11th, 2017

Is SIEM dead - or is SIEM being transformed?

For those not familiar with it, SIEM is a combination of security event management (SEM) and security information management (SIM).

The two parts, SEM and SIM, make for something else entirely when joined together.

SEM. The SEM part of SIEM focuses on quasi-real-time monitoring and correlation of security-relevant events, and on the alerting and notification needed to warn a human operator, typically a trained security analyst, to pay attention and take action.

SIM. The SIM part of SIEM focuses on storage and post-event analysis of SEM-related data, and on reporting about the data aggregated through a SEM system, which is often lumped together with security forensics.

The now commonplace rapid-fire media coverage of cyber-attacks, one after another, raises the question: is SIEM up to the job or not?

Let's find out whether SIEM is dead or simply being transformed.