Introduction to SIEM (security information and event management)

Security information and event management (SIEM) is a software system that collects and aggregates events from networking devices and other resources across an IT infrastructure. At present, the SIEM market value is around $4.2 billion and is expected to grow to $5.5 billion by 2025.

The term SIEM was first used in 2005 by Mark Nicolett and Amrit Williams, who proposed it as a concept combining security information management (SIM) and security event management (SEM).

How SIEM works

A typical SIEM collects and aggregates security data from the networking devices, servers, computers and domain controllers present within the ecosystem. The collected data is stored, aggregated and normalized, and analytics are then applied to it for detection, to raise alerts, and to enable suitable steps to be taken based on the alert raised.

Thus, SIEM plays a vital role and is an important part of the ecosystem, since it detects abnormal behavior and abnormal traffic flowing in and out. On the flip side, a SIEM can be resource-consuming and expensive to implement, and it is often difficult to remediate the problems it reports.
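As an added illustration of the collect, normalize, analyze and alert flow described in this section (example code written for this page, not taken from the article or from any SIEM product), the Python script below takes a handful of constructed log lines from two made-up sources, a Linux host's sshd syslog and a simplified Windows logon record, maps them onto one common event schema, and runs a sliding-window correlation rule over the result. All hostnames, addresses, user names and the year assumed for the syslog timestamps are constructed; the Windows event IDs 4624 and 4625 are the real successful and failed logon IDs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: (source type, raw line). Hosts, IPs and users are made up.
SAMPLE_LOGS = [
    ("windows", "2024-01-10T09:55:00 dc01 EventID=4624 User=alice Src=198.51.100.7"),
    ("syslog",  "Jan 10 10:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.5 port 4411 ssh2"),
    ("syslog",  "Jan 10 10:00:05 web01 sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 4412 ssh2"),
    ("syslog",  "Jan 10 10:00:09 web01 sshd[2205]: Failed password for root from 203.0.113.5 port 4413 ssh2"),
    ("syslog",  "Jan 10 10:00:30 web01 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)"),  # not a logon event
    ("syslog",  "Jan 10 10:01:00 web01 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 5000 ssh2"),
    ("windows", "2024-01-10T10:02:00 dc01 EventID=4624 User=jsmith Src=203.0.113.5"),
]

# Parsers for the two raw formats. Both expose the same named groups: host, user, src.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<status>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
WINLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) EventID=(?P<eid>\d+) User=(?P<user>\S+) Src=(?P<src>\S+)"
)
ASSUMED_YEAR = "2024"  # classic syslog timestamps carry no year; this value is an assumption


def normalize(source, line):
    """Map one raw line onto the common schema the rules consume.
    Returns None for lines that are not logon events we understand (they are still
    stored by a real SIEM; they just do not feed this rule)."""
    if source == "syslog":
        m = SYSLOG_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        outcome = "failure" if m["status"] == "Failed" else "success"
    elif source == "windows":
        m = WINLOG_RE.match(line)
        if not m:
            return None
        ts = datetime.fromisoformat(m["ts"])
        outcome = "failure" if m["eid"] == "4625" else "success"  # 4625 failed logon, 4624 successful logon
    else:
        return None
    return {"ts": ts, "host": m["host"], "user": m["user"], "src": m["src"],
            "outcome": outcome, "source": source}


def run_rules(events, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window correlation over normalized events, in time order.
    Raises a medium alert when one source address accumulates `threshold` failed
    logons inside `window`, and a high alert if that same source then logs on
    successfully while those failures are still inside the window."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures still in the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # expire failures that fell out of the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
            if len(q) == threshold:             # fire once when the threshold is crossed
                alerts.append({"rule": "brute_force", "severity": "medium", "src": ev["src"],
                               "host": ev["host"], "ts": ev["ts"], "count": len(q)})
        elif ev["outcome"] == "success" and len(q) >= threshold:
            alerts.append({"rule": "brute_force_success", "severity": "high", "src": ev["src"],
                           "host": ev["host"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


def pipeline(raw_logs):
    """Collect -> normalize -> analyze; returns (normalized events, alerts)."""
    events = [e for e in (normalize(src, line) for src, line in raw_logs) if e]
    return events, run_rules(events)


if __name__ == "__main__":
    events, alerts = pipeline(SAMPLE_LOGS)
    print(f"{len(events)} logon events normalized from {len(SAMPLE_LOGS)} raw lines")
    for a in alerts:
        print(a)
```

Running the script normalizes six logon events (the cron line is dropped by the parser) and yields two alerts for 203.0.113.5: a medium-severity one when its third failure lands within the window, then a high-severity one when the Windows success from the same address follows. The single failure from 198.51.100.7 never reaches the threshold, which is the point of correlating across sources and time rather than alerting on every failed logon.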

SIEM use

Following are the main capabilities found in an

Read More: https://resources.infosecinstitute.com/topic/introduction-to-siem-security-information-and-event-management/