Question

What functions should a Security Information and Event Management (SIEM) system perform? How can SIEMs be used in incident response and to address compliance issues? Is it possible to reach a point where a SIEM solution results in an organization being less secure by design?

Answer 1

SIEM functions:

• It offers various tools, services, and techniques to provide security in the organization on a holistic level.
• It provides real-time visibility in the organization and in all the security systems.
• It provides event logs and they are used to consolidate data and information from different sources.
• It is used to add intelligence to the data gathered from different sources.
• It is used to understand the correlation of data and events.
• It provides automatic notifications for security events.
• It also provides a dashboard where notifications can be received and security issues can be checked.

Use in incident response and compliance issues:

• As it's used in incident response and compliance issues, it offers reporting facility and incident detection.
• It has helped in deploying tools for compliance report streamlining.
• The data received from hosts and security events is addressed using host tools.
• This offers centralized logging.
• SIEM increases the detection of undetected incidents. It can easily identify the malicious signs of an activity.

In some cases, capital expenses in the beginning and maintenance cost afterwards, can represent challenges in the security. It can be hard to maintain the security level solution.