Security event management (SEM) is the process of identifying, gathering, monitoring and reporting security-related events in software, a system or an IT environment. ASP’s SEM enables the recording and evaluation of events, and helps security or system administrators analyze, adjust and manage the information security architecture, policies and procedures.
ASP’s SEM is primarily a security management technique used to analyze the data collected from security events. Typically, ASP’s SEM is enabled through a purpose-built application that is integrated with all end-user devices, networking equipment, firewalls and servers. It takes data input from all devices/nodes and from similar applications such as log management software. The collected event data is analyzed with security algorithms and statistical computations to detect any vulnerability, threat or risk.
ASP’s SEM solutions/processes are now mostly used in conjunction with security incident management to provide a consolidated security incident and event management (SIEM) solution.
SIEM is implemented via software, systems, appliances, or some combination of these. There are, generally speaking, six main attributes of a SIEM system:
Retention: Storing data for long periods so that decisions can be based on more complete data sets.
Dashboards: Used to analyze (and visualize) data in an attempt to recognize patterns or target activity or data that does not fit into a normal pattern.
Correlation: Groups data into sets that are meaningful, similar and share common traits. The goal is to turn raw data into useful information.
Alerting: When gathered or identified data triggers a defined condition, such as an alert rule or a potential security problem, SIEM tools can activate protocols to alert users, such as notifications sent to the dashboard, an automated email or a text message.
Data Aggregation: Data can be gathered from any number of sites once SIEM is introduced, including servers, networks, databases, and software and email systems. The aggregator also serves as a consolidating resource before data is sent to be correlated or retained.
Compliance: Protocols in a SIEM can be established that automatically collect data necessary for compliance with company, organizational or government policies.
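As an added illustration of the aggregation, correlation and alerting attributes listed above (example code written for this page, not ASP’s software): a minimal correlation rule that normalizes constructed log lines from a firewall and a server, then raises an alert when repeated failed logins from one source are followed by a success. The log format, field names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources (a firewall "fw1" and a server
# "srv1"), as a SIEM aggregator might collect them. Format is assumed:
# "<timestamp> <source> <event_name> key=value ...".
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z fw1 deny src=203.0.113.7 dst=10.0.0.5 port=22",
    "2024-05-01T10:00:05Z srv1 login_failed user=admin src=203.0.113.7",
    "2024-05-01T10:00:09Z srv1 login_failed user=admin src=203.0.113.7",
    "2024-05-01T10:00:12Z srv1 login_failed user=admin src=203.0.113.7",
    "2024-05-01T10:00:20Z srv1 login_failed user=root src=198.51.100.9",
    "2024-05-01T10:00:30Z srv1 login_success user=admin src=203.0.113.7",
]


def parse_event(line):
    """Aggregation step: normalize one raw line into a dict of fields."""
    ts, source, name, *pairs = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
             "source": source, "name": name}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def correlate(lines, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: at least `threshold` failed logins from one src
    within `window`, followed by a successful login from the same src,
    produces one alert record (the alerting step)."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    failures = defaultdict(list)  # src -> timestamps of failed logins
    alerts = []
    for ev in events:
        src = ev.get("src")
        if ev["name"] == "login_failed":
            failures[src].append(ev["ts"])
        elif ev["name"] == "login_success":
            # Only failures inside the time window count (bounded lookback).
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src": src, "user": ev.get("user"),
                               "failures": len(recent), "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("ALERT: %d failed logins then success for user %s from %s"
              % (alert["failures"], alert["user"], alert["src"]))
```

The firewall "deny" line is aggregated but ignored by this rule; a real deployment would add rules per source type and retain the normalized events for later review.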