Security Information and Event Management (SIEM)
“So much data, not enough information” is a phrase often heard when organisations try to understand just what their security solutions, tools and network systems are trying to tell them. A typical customer will have a multitude of devices and systems creating a multitude of log events. In fact, there are so many log events that the challenge is not creating more, but rather separating the wheat from the chaff and identifying the events of value.
There are so many golden needles in the network activity security haystack – the challenge is making them easy to find, and simple to understand.
Detecting today’s advanced threats requires greater visibility and understanding of network activity. Compliance, audit and regulation standards call for the ability to review logs, identify incidents, and to report on security events.
Are you 100% sure that you would know if your organisation had been breached? Would you know if you were being attacked? Could you quickly understand how, when and where?
CST’s Incident & Event Management solutions rationalise all the different technologies you have in place and give real-time network visibility, creating actionable security intelligence so that your organisation can respond quickly and mitigate risk. They bring order to IT security incident management and provide one place to see if there is a high possibility of attack.
Security Information and Event Management (SIEM) is an approach to security management that seeks to provide a holistic view of an organisation’s information technology (IT) security.
We have selected two solutions to address SIEM: an on-premises solution from LogRhythm and a managed service from Symantec. Each has slightly different SIEM characteristics and will appeal to different customers based on the depth and granularity of event management required, and the resource availability.