What is SIEM?

SIEM (Security Information and Event Management) centrally collects and manages logs and events, providing key functions such as:

  • Collect log data and events from all devices and store them centrally, long-term, securely and in a standardized form, so that administrators can easily see what is happening across the system.
  • Analyse the collected events together with other information about applications, users, servers, and so on, to quickly detect security problems and intrusion activity on any device in the system.
  • Raise accurate and timely alerts for security incidents.
  • Provide built-in report sets for compliance standards such as PCI-DSS, HIPAA, NERC-CIP, FISMA, GLBA, SOX and ISO 27001, or custom reports according to customer needs.


Importance of SIEM

The IT systems of businesses are built from equipment and technologies of many different brands: routers, switches, servers, databases, SANs, workstation operating systems, banking applications, and so on. Furthermore, each vendor's devices and applications produce logs in their own format.

IT systems are also managed by many departments (System, Network, Application, and so on), so reconstructing the sequence of events at the time of an incident is very difficult when there is no dedicated solution that stores events long-term for later analysis. The result is a flood of system messages and a large volume of log data in which important warnings can be missed or not handled in time. Investigating the source of an attack, its target and how it was carried out then requires manual work that takes a lot of time and effort and is rarely completed in time to be useful.

In recent times, new types of attack such as Advanced Persistent Threats (APT), zero-day attacks, attacks from within and new types of malware have increased dramatically, both in the number of machines compromised and infected and in the ways they are controlled. Alongside these explosive numbers, such attacks have become harder to detect, using sophisticated tricks to evade detection and analysis. Traditional security solutions are largely ineffective against this new kind of threat.

A SIEM solution addresses the complex problems described above.

Some of the main features of SIEM:

The new-generation SIEM solution provides customers with a centralized system for storing and analysing logs and security events, with contextual correlation unprecedented in the market.

A centralized event and log management system ensures:

  • Gathering of information from multiple sources.
  • Data security.
  • Data integrity.
  • High availability.
  • In-depth analysis in "real time", giving timely and accurate warnings and shortening the time to detect and resolve problems.
  • Rapid reaction to various types of attack, policy violation or compliance breach.
  • Built-in or customized report sets according to customer needs.
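To make concrete what "standardized" collection and cross-source, real-time correlation mean in practice (the first two bullets under "What is SIEM?" and the real-time analysis bullet above), here is an added example that is not part of this page or of any vendor's product. It normalizes two constructed vendor formats (sshd syslog lines and JSON application audit records; the field names of the common schema, the rule name, the threshold of 3 failures in a 2-minute window, and the year 2024 assumed for the year-less syslog timestamps are all choices made for this illustration) and then runs one correlation rule over the merged stream: a source IP that accumulates several failed logins, across any source, and then logs in successfully.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample input (not captured from any real system): sshd syslog
# lines from a bastion host and JSON audit lines from a web application.
SYSLOG_LINES = [
    "Mar  5 10:14:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Mar  5 10:14:09 bastion sshd[2231]: Failed password for root from 203.0.113.7 port 51130 ssh2",
    "Mar  5 10:14:30 bastion sshd[2240]: Failed password for bob from 198.51.100.4 port 40001 ssh2",
    "Mar  5 10:14:45 bastion sshd[2240]: Accepted password for bob from 198.51.100.4 port 40001 ssh2",
    "Mar  5 10:14:50 bastion CRON[2250]: (root) CMD (run-parts /etc/cron.hourly)",  # not an auth event
]
JSON_LINES = [
    '{"time": "2024-03-05T10:14:40Z", "app": "portal", "event": "login", "result": "failure", "user": "alice", "client_ip": "203.0.113.7"}',
    '{"time": "2024-03-05T10:15:02Z", "app": "portal", "event": "login", "result": "success", "user": "alice", "client_ip": "203.0.113.7"}',
    '{"time": "2024-03-05T10:20:00Z", "app": "portal", "event": "page_view", "user": "alice", "client_ip": "203.0.113.7"}',
]

# Classic syslog timestamps carry no year; 2024 is assumed for this example.
SYSLOG_YEAR = 2024

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def normalize_syslog(line, year=SYSLOG_YEAR):
    """Map an sshd syslog line onto the common event schema; None if it is not an auth event."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    return {
        "ts": ts.replace(year=year, tzinfo=timezone.utc),
        "source": "sshd",
        "host": m["host"],
        "user": m["user"],
        "src_ip": m["src"],
        "action": "auth",
        "outcome": "failure" if m["outcome"] == "Failed" else "success",
    }


def normalize_json(line):
    """Map a JSON application audit record onto the same schema (hypothetical field names)."""
    rec = json.loads(line)
    return {
        "ts": datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "source": rec["app"],
        "host": rec["app"],
        "user": rec.get("user"),
        "src_ip": rec.get("client_ip"),
        "action": "auth" if rec["event"] == "login" else rec["event"],
        "outcome": rec.get("result"),
    }


def ingest(syslog_lines, json_lines):
    """Collect from both sources into one normalized, time-ordered event list."""
    events = [normalize_syslog(line) for line in syslog_lines]
    events += [normalize_json(line) for line in json_lines]
    return sorted((e for e in events if e is not None), key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Alert when one source IP accumulates `threshold` failed logins within `window`,
    counted across all sources, and then logs in successfully from that same IP."""
    recent_failures = defaultdict(deque)  # src_ip -> failed auth events still inside the window
    alerts = []
    for ev in events:
        if ev["action"] != "auth":
            continue
        q = recent_failures[ev["src_ip"]]
        while q and ev["ts"] - q[0]["ts"] > window:  # expire failures that fell out of the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev)
        elif ev["outcome"] == "success" and len(q) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "ts": ev["ts"].isoformat(),
                "src_ip": ev["src_ip"],
                "user": ev["user"],
                "failures": len(q),
                "sources": sorted({f["source"] for f in q}),
            })
            q.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate(ingest(SYSLOG_LINES, JSON_LINES)):
        print(json.dumps(alert))
```

The point of the common schema is that the rule never needs to know which vendor produced an event: the two sshd failures and the one portal failure from 203.0.113.7 count together, which is exactly the cross-device view a single-source tool cannot give. The same loop also shows the two knobs that decide whether such a rule is useful or noisy in a real deployment: the failure threshold and the time window, both of which have to be tuned against the environment's normal login behaviour.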


INFORMATION ABOUT SOLUTION PROVIDER

McAfee

LogRhythm