What are three different types of SIEMs on the market today? Security information and event management (SIEM) is a subsection within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.
Security Information and Event Management (SIEM) is a set of services or tools that provide a view of an organization's information security. They use correlations and rules to turn event log entries into meaningful data, with which a problem can be solved and decisions can be taken. This can help organizations detect threats and perform investigations on past security threats. It is actually a collection of two technologies: security information management, which collects the data from logs for analysis, and security event management, which performs the real-time monitoring and notifies about the security threats. The three types of SIEMs on the market today are:
In-house SIEM: In an in-house SIEM, the organization is solely responsible for its implementation and for setting it up with the existing systems and the configuration of the log sources. All security-related information stays within the organization and there is no involvement of any third-party sources. The organization has to purchase the required hardware and software for implementing it; hence in-house SIEM setups require a high initial investment and costs for maintenance and updates. The advantage of having an in-house SIEM is that it can be customized as per the needs of the organization.
Cloud-based SIEM: Cloud-based SIEMs are subscription based, just like how we use Microsoft Azure and AWS. Organizations have minimal responsibilities in terms of maintaining hardware and software. Instead of paying a huge amount upfront, organizations go for a monthly or annual subscription, which gives them the freedom to take decisions wisely and try different options. One disadvantage, though, is that the security information of an organization is at a location that is not controlled or owned by the organization.
Managed SIEM: As the name suggests, the SIEM is managed by a third party or a vendor. It can involve either an in-house or a cloud-based SIEM, but with the help of a service provider. The entire support is provided by the vendor and the organization does not have to depend on the internal security team. The solution is hosted on the vendor's server and the client system is monitored for potential security threats. The advantages include negligible maintenance, expertise at their fingertips and flexible pricing.
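As an added illustration of the SIM/SEM split described in the answer (collect and normalize log entries, then correlate them against a rule in real time and raise an alert), the following small pipeline is not part of the original question or answer. The sshd-style log lines, host names, addresses, and the "three failures then a success within 60 seconds" rule are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (not from any real system).
SAMPLE_LOGS = """\
2024-01-15T10:00:01 host1 sshd: Failed password for alice from 203.0.113.5
2024-01-15T10:00:05 host1 sshd: Failed password for alice from 203.0.113.5
2024-01-15T10:00:09 host1 sshd: Failed password for alice from 203.0.113.5
2024-01-15T10:00:20 host1 sshd: Accepted password for alice from 203.0.113.5
2024-01-15T10:05:00 host2 sshd: Failed password for bob from 198.51.100.9
2024-01-15T10:30:00 host2 sshd: Accepted password for bob from 198.51.100.9
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

def normalize(lines):
    """SIM step: turn raw text into structured events; lines that don't parse are dropped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """SEM step: alert when at least `threshold` failed logins for the same
    (user, source) are followed by a successful login within `window`."""
    failures = defaultdict(list)   # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
        else:
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "user": ev["user"],
                               "src": ev["src"], "host": ev["host"], "failures": len(recent)})
            failures[key].clear()  # a success resets the counter for this key
    return alerts

def run(lines=SAMPLE_LOGS):
    """Full pipeline on the constructed sample: returns the list of alerts."""
    return correlate(normalize(lines))
```

On the sample data only alice's login on host1 triggers the rule; bob's single failure followed by a success 25 minutes later falls outside the window.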