SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
One of the important things that each organization should consider is the introduction of a solution for centralized collection of security information and events (SIEM - Security Information and Event Management).
About the solution
SIEM solutions are not just systems for logging, but are defined as a set of complex technologies that aim to provide users with a holistic view of the entire IT infrastructure. In addition, SIEM solutions have a very important role in organizations that intend to align their business with various certifications, such as ISO 27001, PCI, HIPAA and others.
At its core, a SIEM solution combines the following technologies:
- System for collecting logs and events from various devices, servers and applications in the network (switches and routers, firewalls, databases, active directories, applications, etc.)
- System for centralized and layered checks in the form of various dashboards
- Normalization, which translates computer jargon into data readable for the end user
- Correlation
- Adaptability, i.e. the ability to customize SIEM solutions to understand the languages of different devices, regardless of the vendor, format, or message type involved
- The ability to create reports and alert system administrators in case of different incidents
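How collection, normalization, correlation and alerting fit together, as an added example that is not taken from any SIEM product: the log lines, the hypothetical "vpn" JSON format, the field names and the rule thresholds are all constructed for illustration. Neither source alone reaches the alert threshold; the alert only appears once both are normalized into one schema.

```python
import json
import re
from datetime import datetime, timezone
from collections import defaultdict

# Constructed sample input: (source type, raw record) as a collector might receive them.
RAW = [
    ("sshd", "2024-05-01T10:00:01Z host1 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2"),
    ("sshd", "2024-05-01T10:00:05Z host1 sshd[811]: Failed password for admin from 203.0.113.7 port 50123 ssh2"),
    ("vpn", '{"ts": 1714557610, "evt": "login_fail", "user": "admin", "client_ip": "203.0.113.7"}'),
    ("vpn", '{"ts": 1714557620, "evt": "login_ok", "user": "admin", "client_ip": "203.0.113.7"}'),
    ("sshd", "2024-05-01T10:00:30Z host1 sshd[902]: Accepted password for bob from 198.51.100.4 port 40100 ssh2"),
    ("sshd", "2024-05-01T10:00:31Z host1 sshd[902]: pam_unix(sshd:session): session opened for user bob"),
]
SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) ")

def normalize(source, raw):
    """Map a vendor-specific record to one schema; None if it is not a login event."""
    if source == "sshd":
        m = SSHD_RE.match(raw)
        if not m:
            return None
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"time": int(ts.timestamp()), "source": source, "user": m.group(3),
                "src_ip": m.group(4), "outcome": "failure" if m.group(2) == "Failed" else "success"}
    if source == "vpn":  # hypothetical JSON format with epoch timestamps
        rec = json.loads(raw)
        outcome = {"login_fail": "failure", "login_ok": "success"}.get(rec.get("evt"))
        if outcome is None:
            return None
        return {"time": rec["ts"], "source": source, "user": rec["user"],
                "src_ip": rec["client_ip"], "outcome": outcome}
    return None

def correlate(events, threshold=3, window=60):
    """Alert when a success follows >= threshold failures from one src_ip within window seconds."""
    failures, alerts = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["time"]):
        recent = [t for t in failures[ev["src_ip"]] if ev["time"] - t <= window]
        if ev["outcome"] == "failure":
            failures[ev["src_ip"]] = recent + [ev["time"]]
        elif len(recent) >= threshold:
            alerts.append({"rule": "success_after_failures", "src_ip": ev["src_ip"],
                           "user": ev["user"], "failures": len(recent), "time": ev["time"]})
    return alerts

def run(raw=RAW):
    events = [e for e in (normalize(s, r) for s, r in raw) if e]
    return events, correlate(events)
```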
The described levels of protection are just some proposals for where to invest engineering and financial resources; they are not a universal standard of protection that everyone must have. To start protection planning, the company must identify and prioritize its key services and resources and, accordingly, decide what is most important to protect. For example, many smaller companies will not need SIEM or WAF solutions, while larger companies may need to go further by defining policies for BYOD or by introducing sandboxing or user activity monitoring solutions.
