Partner – HP ArcSight (www.hp.com)
SIEM is an abbreviation for Security Event and Information Monitoring. With all the security and network devices that companies place on their networks, admins need visibility into this complex environment.
All the security devices generate millions of logs and reports for whatever they are securing or monitoring. Going through all these logs would require an army of security experts, but with a SIEM solution we can send all these logs to one place, where it analyzes them, correlates a log from one system with a log from another system, and tells the admin how they are related and whether they pose a security threat to the organization.
Think of it as a central intelligence point where all events are looked at and conclusions are made: this is an attack, this system is vulnerable in this place, and this is what MUST be done to prevent compromise.
With HP ArcSight, we can send all logs from our security devices to a central server that helps us collect, correlate, analyze and recommend remediation for threats in our IT environment.