Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security.
The underlying principle of a SIEM system is that relevant data about an enterprise's security is produced in many places, and being able to examine all of it from a single vantage point makes it easier to spot trends and to see patterns that are out of the ordinary. SIEM combines security information management (SIM) and security event management (SEM) functions into one security management system.
A SEM system centralizes the storage and interpretation of logs and supports near-real-time analysis, so security personnel can take defensive action sooner. A SIM system collects data into a central repository for trend analysis and provides automated, centralized reporting for compliance. By bringing the two functions together, SIEM systems provide quicker identification and analysis of, and recovery from, security events. They also allow compliance managers to confirm that the organization is fulfilling its legal and regulatory compliance requirements.
A SIEM system collects logs and other security-related records for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers and network equipment, and from specialized security equipment such as firewalls, antivirus software and intrusion prevention systems; many sources are also collected without an agent, by forwarding syslog or polling an API. The collectors parse each source's native format into a common event schema and forward the events to a centralized management console, which inspects them, correlates related events and flags anomalies. For the system to recognize anomalous events at all, the SIEM administrator must first build a profile of the environment under normal conditions; without that baseline there is nothing to compare against, and detection rules either fire on routine activity or miss unusual activity entirely.
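The pipeline the two preceding paragraphs describe (collectors normalizing events from several sources, a SEM-style correlation rule that chains events into a single offense in near real time, a baseline profile used to flag anomalies, and SIM-style aggregation for reporting) as a miniature Python example. This is an added illustration, not code from the original page or from any SIEM product; the log lines are constructed, and the parser regexes, field names, thresholds and function names are this example's own assumptions.

```python
"""Miniature SIEM pipeline over constructed log lines (added example).

Collectors normalise events from different sources into one schema, a SEM-style
rule correlates them in near real time, a baseline profile flags anomalies, and
SIM-style aggregation produces a report. All names and formats are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Source-specific parsers: one for OpenSSH-style syslog, one for a made-up
# firewall format. A real SIEM ships a parser per supported device type.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)")
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) fw: "
    r"action=(?P<action>\w+) src=(?P<ip>[\d.]+) dst=\S+ dport=\d+")


def normalise(line, year=2024):
    """Map a raw line from any supported source onto one common event schema."""
    m = SSHD_RE.match(line)
    if m:  # syslog lines carry no year; the collector supplies it
        return {"ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
                "host": m["host"], "src_ip": m["ip"], "user": m["user"], "category": "auth",
                "outcome": "success" if m["result"] == "Accepted" else "failure"}
    m = FW_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"), "host": m["host"],
                "src_ip": m["ip"], "user": None, "category": "network",
                "outcome": "denied" if m["action"].upper() == "DENY" else "allowed"}
    return None  # a real SIEM would keep the raw line; here unparsed lines are dropped


def build_profile(events):
    """'Normal conditions' profile: the (user, source IP) pairs that log in successfully."""
    return {(e["user"], e["src_ip"]) for e in events
            if e["category"] == "auth" and e["outcome"] == "success"}


def flag_anomalies(events, profile):
    """Successful logins from a (user, IP) pair never seen during the baseline period."""
    return [e for e in events if e["category"] == "auth" and e["outcome"] == "success"
            and (e["user"], e["src_ip"]) not in profile]


def correlate(events, window_seconds=60, threshold=5):
    """SEM-style rule: >= threshold auth failures from one IP inside the window,
    followed by a success from the same IP, are chained into one offense."""
    offenses, failures = [], defaultdict(list)  # src_ip -> recent failure timestamps
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["category"] != "auth":
            continue
        ip = e["src_ip"]
        # slide the window: forget failures older than window_seconds
        failures[ip] = [t for t in failures[ip] if (e["ts"] - t).total_seconds() <= window_seconds]
        if e["outcome"] == "failure":
            failures[ip].append(e["ts"])
        elif len(failures[ip]) >= threshold:
            offenses.append({"rule": "brute_force_then_success", "src_ip": ip, "user": e["user"],
                             "host": e["host"], "ts": e["ts"], "failures": len(failures[ip])})
            failures[ip].clear()
    return offenses


def compliance_report(events):
    """SIM-style aggregation: event counts per host, day, category and outcome."""
    return Counter((e["host"], e["ts"].date().isoformat(), e["category"], e["outcome"])
                   for e in events)


# Constructed sample data, not captured from a real system.
BASELINE_LINES = [
    "Jan 09 08:55:10 web01 sshd[101]: Accepted password for alice from 10.0.0.5 port 50001 ssh2",
    "Jan 09 17:02:44 web01 sshd[133]: Accepted password for bob from 10.0.0.7 port 50002 ssh2",
]
LIVE_LINES = [
    "Jan 10 09:00:01 web01 sshd[212]: Failed password for invalid user admin from 203.0.113.9 port 51002 ssh2",
    "Jan 10 09:00:05 web01 sshd[213]: Failed password for root from 203.0.113.9 port 51003 ssh2",
    "Jan 10 09:00:09 web01 sshd[214]: Failed password for root from 203.0.113.9 port 51004 ssh2",
    "Jan 10 09:00:14 web01 sshd[215]: Failed password for bob from 203.0.113.9 port 51005 ssh2",
    "Jan 10 09:00:20 web01 sshd[216]: Failed password for bob from 203.0.113.9 port 51006 ssh2",
    "2024-01-10T09:00:30 fw01 fw: action=DENY src=203.0.113.9 dst=10.0.0.20 dport=3389",
    "Jan 10 09:00:41 web01 sshd[217]: Accepted password for bob from 203.0.113.9 port 51007 ssh2",
    "Jan 10 09:30:00 web01 sshd[301]: Accepted password for alice from 10.0.0.5 port 50010 ssh2",
]
BASELINE = [ev for ev in map(normalise, BASELINE_LINES) if ev]
LIVE = [ev for ev in map(normalise, LIVE_LINES) if ev]

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for o in correlate(LIVE):
        print("OFFENSE", o)
    for a in flag_anomalies(LIVE, profile):
        print("ANOMALY new login source", a["user"], a["src_ip"])
    for key, n in sorted(compliance_report(LIVE).items()):
        print("REPORT", key, n)
```

On the constructed data the correlation rule produces a single offense (five failures from 203.0.113.9 followed by a successful login as bob), the baseline profile flags that same login as coming from a (user, IP) pair never seen before, and the report shows five failures and two successes on web01 plus one denied connection on fw01. Note that the two detections disagree in an instructive way: the correlation rule needs the full burst to fire, while the profile-based check would have flagged the login even if the attacker had guessed the password on the first try, which is why a SIEM runs both kinds of logic rather than relying on thresholds alone.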
What is IBM QRadar Security Intelligence?
IBM® QRadar® Security Intelligence is a tightly integrated solution that helps you protect your organization from threats and cyberattacks. The IBM QRadar Sense Analytics™ Engine helps reduce noise by applying analytics that chain multiple related incidents together and identify the security offenses that require action. The platform can be extended with cognitive security from IBM Watson for greater intelligence, speed and accuracy. Read what two leading analysts have to say about IBM QRadar: the Forrester Wave Security Analytics Platforms Q1 2017 report and the 2016 Gartner Magic Quadrant for Security Information and Event Management (SIEM).