SIEM functions:
- It offers various tools, services, and techniques to provide security in the organization on a holistic level.
- It provides real-time visibility across the organization and all of its security systems.
- It provides event logs, which are used to consolidate data and information from different sources.
- It is used to add intelligence to the data gathered from different sources.
- It is used to understand the correlation of data and events.
- It provides automatic notifications for security events.
- It also provides a dashboard where notifications can be received and security issues can be checked.
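The consolidation, enrichment, correlation, and notification functions listed above, shown as an added example that is not part of the original page. The log formats, field names, asset table, and the single correlation rule with its threshold are assumptions, and all log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources (not real logs); ASSETS is an assumed enrichment table.
SSHD = [
    "2024-05-01T10:00:01 host=web01 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:05 host=web01 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:09 host=web01 sshd: Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:20 host=web01 sshd: Accepted password for admin from 203.0.113.7",
    "2024-05-01T10:03:00 host=db01 sshd: Accepted password for alice from 198.51.100.4",
]
FIREWALL = [
    "2024-05-01T10:00:00,ALLOW,203.0.113.7,web01,22",
    "2024-05-01T10:02:00,DENY,203.0.113.7,db01,3306",
]
ASSETS = {"web01": "high", "db01": "critical"}
SSH_RE = re.compile(r"(\S+) host=(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize():
    """Consolidate both sources into one schema, enrich each event, sort by time."""
    events = []
    for line in SSHD:
        ts, host, result, user, src = SSH_RE.match(line).groups()
        events.append({"ts": ts, "type": "auth_" + result.lower(), "src": src, "host": host, "user": user})
    for line in FIREWALL:
        ts, action, src, host, port = line.split(",")
        events.append({"ts": ts, "type": "fw_" + action.lower(), "src": src, "host": host, "port": int(port)})
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["criticality"] = ASSETS.get(e["host"], "unknown")  # intelligence added to raw data
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failed logins from one source precede a success on the same host."""
    failures, alerts = defaultdict(list), []
    for e in events:
        key = (e["src"], e["host"])
        if e["type"] == "auth_failed":
            failures[key].append(e["ts"])
        elif e["type"] == "auth_accepted":
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                # Cross-source step: firewall denies from the same address after the login.
                denied = sorted({x["host"] for x in events if x["type"] == "fw_deny"
                                 and x["src"] == e["src"] and x["ts"] > e["ts"]})
                alerts.append({"rule": "failed_logins_then_success", "src": e["src"], "host": e["host"],
                               "user": e["user"], "criticality": e["criticality"], "later_fw_denies": denied})
    return alerts

print(correlate(normalize()))
```

The single alert joins the sshd and firewall records for one source address; neither log on its own contains both the login pattern and the later denied connection.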
Use in incident response and compliance issues:
- Because it is used in incident response and compliance issues, it offers reporting facilities and incident detection.
- It has helped in deploying tools that streamline compliance reporting.
- The data received from hosts and security events is handled using host tools.
- This offers centralized logging.
- SIEM increases the detection of incidents that would otherwise go undetected. It can easily identify the signs of malicious activity.
In some cases, the capital expenses at the beginning and the maintenance costs afterwards can present challenges for security. It can be hard to maintain the security solution.