From: TechTarget
Expert Karen Scarfone examines important criteria for evaluating security information and event management (SIEM) products for use by an organization.
Security information and event management (SIEM) products and services collect, analyze and report on security log data from a large number of enterprise security controls, host operating systems, enterprise applications and other software used by an organization. Some SIEMs can also attempt to stop attacks in progress that they detect, potentially preventing compromises or limiting the damage that successful compromises could cause.
There are many SIEM systems available today, including “light” SIEM products designed for organizations that cannot afford or do not feel they need a fully featured SIEM. It can be quite a challenge to figure out which products to evaluate, let alone choose the one that’s best for a particular organization or organizational unit. Part of the SIEM evaluation process should involve creating a list of criteria that highlight the SIEM capabilities that are particularly important to consider.