A few functions of a SIEM:

1) To centralize all security notifications from the various security technologies (e.g. firewalls, IDS/IPS systems, anti-virus consoles, wireless access points, Active Directory servers).

2) To provide logging and reporting for compliance purposes. Almost every compliance regulation includes requirements to log user access, track system changes and monitor adherence to corporate policies. A SIEM collects this data from all systems and then generates the appropriate reports.

3) To automate, cross-correlate and analyze all raw event logs from across the entire network. This is where a SIEM looks for hidden cybersecurity issues that might otherwise go unnoticed.
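
A minimal correlation rule of the kind item 3 describes, added here as an illustration and not taken from any SIEM product: repeated Active Directory logon failures followed by a success from the same IP only raise an alert when a second source (here the firewall) also saw that IP. The event tuple layout, the 10-minute window and the threshold of three failures are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalized to (time, source, type, ip, user).
EVENTS = [
    ("2018-03-01T09:00:05", "firewall", "allow", "203.0.113.7", None),
    ("2018-03-01T09:00:10", "active_directory", "logon_failure", "203.0.113.7", "jsmith"),
    ("2018-03-01T09:00:40", "active_directory", "logon_failure", "203.0.113.7", "jsmith"),
    ("2018-03-01T09:01:10", "active_directory", "logon_failure", "203.0.113.7", "jsmith"),
    ("2018-03-01T09:01:30", "active_directory", "logon_success", "203.0.113.7", "jsmith"),
    # Benign: one mistyped password, then a successful logon.
    ("2018-03-01T09:01:55", "firewall", "allow", "198.51.100.20", None),
    ("2018-03-01T09:02:00", "active_directory", "logon_failure", "198.51.100.20", "adavis"),
    ("2018-03-01T09:02:20", "active_directory", "logon_success", "198.51.100.20", "adavis"),
]
WINDOW = timedelta(minutes=10)  # assumed correlation window
FAIL_THRESHOLD = 3              # assumed number of failures before a success

def correlate(events):
    """Return one alert per successful logon that was preceded, within WINDOW
    and from the same IP, by >= FAIL_THRESHOLD failures for the same user,
    provided a non-AD source also logged that IP in the window."""
    by_ip = defaultdict(list)
    for ts, source, kind, ip, user in events:
        by_ip[ip].append((datetime.fromisoformat(ts), source, kind, user))
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        for ok_ts, _, kind, user in evs:
            if kind != "logon_success":
                continue
            recent = [e for e in evs if ok_ts - WINDOW <= e[0] < ok_ts]
            fails = [e for e in recent if e[2] == "logon_failure" and e[3] == user]
            others = {e[1] for e in recent} - {"active_directory"}
            if len(fails) >= FAIL_THRESHOLD and others:
                alerts.append({"ip": ip, "user": user, "failures": len(fails),
                               "sources": sorted(others | {"active_directory"})})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Neither log on its own is alarming here: the firewall sees one allowed connection and the directory sees a user who eventually logged in. The alert exists only because both were collected in one place and joined on IP and time.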

