SIEM: Security Information and Event Management

SIEM, or Security Information and Event Management, is a term that was popularized by Gartner analyst Mark Nicolett, the leading industry analyst in this space. There are two fundamental pieces to SIEM: Security Event Management (SEM) and Security Information Management (SIM).

Security Event Management (SEM) helps IT security operations personnel identify and respond more effectively to external and internal threats. LogLogic’s Security Event Manager Appliances fit into this category.

Security Information Management (SIM) provides reporting and analysis of data to support regulatory compliance initiatives, internal threat management and security policy compliance management. LogLogic’s Log Management Appliances fit into this category.

Key Differences: The key differences between SEM and SIM are currency and volume. A proper SIM solution is designed to collect massive amounts of data from thousands of disparate devices, then index and store that information for multiple years so that it is available for offline forensic investigation. A SEM solution, on the other hand, tries to do the opposite: its primary goal is to dispose of as much data as possible in order to quickly isolate the most critical events and then alert the business in real time. Gartner claims that the most effective way to deploy a SEM is to base it upon a successful roll-out of a SIM (or log management) solution.

LogLogic builds the most scalable SIM solution in the industry. Our appliances can consume a quarter of a million log messages per second and can scale to multiple terabytes of long-term storage, with connections out to WORM and SAN drives for further scalability.

The LogLogic SEM solution is connected to the SIM using patented routing technology that exploits the SIM’s unique auto-discover deployment model, and its own rapid-event taxonomy, to drastically cut deployment time down from months to days.

Key SIEM Resources

Datasheets

Cloud Products
Detailed product information

Analyst Review
Gartner MQ for Security Information & Event Management
- Mark Nicolett, et al
May 29, 2009

White Paper
It All Starts with Log Management