
SIEM benefits include automated monitoring, malware mitigation

SIEM tools deliver automated alert actions, normalize log data and provide intelligent filtering, all of which can help IT administrators lighten their workloads.

SIEM benefits include automatic monitoring of many IT components and increased protection against malicious activity.

IT administrators must monitor many components on a regular basis. Consider the volume of assets admins have direct control over: networking switches, firewalls and appliances; bare-metal, converged and hyper-converged, and physical or virtual servers; physical and virtual storage; and PCs, tablets and smartphones. All this technology can reside anywhere, such as in a corporate data center, a colocation facility or in the cloud.

SIEM tools aggregate information from all of these components via log files, Simple Network Management Protocol (SNMP) traps and associated management information base file stream analytics. They then normalize the data so analysis can identify abnormal activity, which can come from poorly written code causing memory leaks or CPU overloads, or from malicious attacks, such as distributed denial-of-service attacks, brute-force attacks or attempts to load malware onto the platform.

SIEM benefits busy administrators


SIEM tools can create rule associations and trigger actions that address security concerns, which reduces management workloads for administrators. These actions block or throttle activity by offloading suspicious activity to a less mission-critical area or by alerting the administrator. They can also include immediate remediation through intelligent platform changes that cause malicious activity to fail. In this way, SIEM benefits administrators because they do not have to focus on responding to and mitigating alerts.
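An added example (not from the original article or from any SIEM product) of the normalize-then-correlate flow described above: two constructed log formats are mapped to one schema, and a rule turns repeated failures from one source address into an alert or block action. The log formats, field names, thresholds and action names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two assumed source formats (not real logs).
RAW = [
    ("sshd", "2018-05-01T10:00:01 web1 sshd[311]: Failed password for root from 203.0.113.7 port 4022"),
    ("sshd", "2018-05-01T10:00:04 web1 sshd[311]: Failed password for admin from 203.0.113.7 port 4023"),
    ("fw",   "2018-05-01 10:00:09|DENY|src=203.0.113.7|dst=10.0.0.5|dport=22"),
    ("sshd", "2018-05-01T10:00:15 web1 sshd[311]: Failed password for root from 203.0.113.7 port 4030"),
    ("sshd", "2018-05-01T10:00:30 web1 sshd[311]: Accepted password for alice from 198.51.100.20 port 5100"),
    ("sshd", "2018-05-01T10:09:00 web1 sshd[311]: Failed password for bob from 198.51.100.20 port 5101"),
    ("fw",   "this line is malformed"),
]

SSHD = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for \S+ from (\S+)")
FW = re.compile(r"^([^|]+)\|(DENY|ALLOW)\|src=([^|]+)\|")

def normalize(source, line):
    """Map one raw line to the common schema, or None if it does not parse."""
    if source == "sshd" and (m := SSHD.match(line)):
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        return {"ts": ts, "source": source, "src_ip": m.group(3), "failed": m.group(2) == "Failed"}
    if source == "fw" and (m := FW.match(line)):
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "source": source, "src_ip": m.group(3), "failed": m.group(2) == "DENY"}
    return None

# Thresholds and window are assumed values, not vendor defaults.
def correlate(events, window=timedelta(seconds=60), alert_at=2, block_at=4):
    """Return {src_ip: action} based on the densest run of failures per address."""
    by_ip = defaultdict(list)
    for e in sorted((e for e in events if e and e["failed"]), key=lambda e: e["ts"]):
        by_ip[e["src_ip"]].append(e["ts"])
    actions = {}
    for ip, times in by_ip.items():
        # Largest number of failures that start within one window of each other.
        peak = max(sum(1 for t in times[i:] if t - times[i] <= window) for i in range(len(times)))
        if peak >= block_at:
            actions[ip] = "block"
        elif peak >= alert_at:
            actions[ip] = "alert"
    return actions

def run(raw=RAW):
    return correlate(normalize(src, line) for src, line in raw)

if __name__ == "__main__":
    print(run())
```

Because both sources share one schema after normalization, the firewall denial counts toward the same rule as the SSH failures, which is what pushes the first address from alert to block.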

SIEM benefits extend to organizations that use machine learning and artificial intelligence, as vendors are adding features that enhance SIEM capabilities against cyber and ransomware attacks.

This was last published in May 2018
