What is Security Information and Event Management, and how does it help a company's security posture?
Security Information and Event Management, or SIEM, is an integrated set of products for collecting, analyzing, and managing enterprise event information. With SIEM, organizations can manage multiple security applications and devices, and respond automatically to resolve security incidents. Over the past decade, companies have relied on SIEM solutions to secure the perimeter and defend the network. ArcSight has worked with its customers more recently to expand SIEM functionally to not just protect data, but give users a look into what people are doing with it, even in the cloud. SIEM gives companies the power to see the whole security picture. For example, the University of Tennessee has a research facility they co-manage which has been a prime target for outside hackers and insider threats. The university deployed a variety of security point devices, but didn’t have the manpower or budget to sift through the millions of event logs they were generating to adequately protect the network.