Security Information and Event Management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system. The foundational principle of SIEM is the aggregation of data relevant to an organization from multiple sources. Some organizations use a SIEM solution to stop abnormalities and associate an action with them. More sophisticated organizations use the correlated data in conjunction with user and entity behavior analytics (UEBA) or security orchestration and automated response (SOAR).
SIEM solutions have become an integral part of IT and security operations. When looking to onboard a SIEM solution, consider the following:
- Threat Intelligence Fields
- Forensic Capabilities
- Artificial Intelligence / Machine Learning
- Compliance Reporting