SIEM benefits include automatic monitoring of many IT components and increased protection against malicious ac...
IT administrators must monitor many components on a regular basis. Consider the volume of assets admins have direct control over: networking switches, firewalls and appliances; bare-metal, converged and hyper-converged, and physical or virtual servers; physical and virtual storage; and PCs, tablets and smartphones. All this technology can reside anywhere, such as in a corporate data center, a colocation facility or in the cloud.
SIEM tools aggregate information from all of these components via log files, simple network management protocol traps and associated management information base file stream analytics. They then normalize the data so analysis can identify abnormal activity, which can come from poorly written code causing memory leaks or CPU overloads, or from malicious attacks, such as distributed denial-of-service attacks, brute-force attacks or attempts to load malware onto the platform.
SIEM benefits busy administrators
SIEM tools can create rule associations and trigger actions that address security concerns, which reduces management workloads for administrators. These actions block or throttle activity by offloading suspicious activity to a less mission-critical area or by alerting the administrator. They can also include immediate remediation through intelligent platform changes that cause malicious activity to fail. In this way, SIEM benefits administrators because they do not have to focus on responding to and mitigating alerts.
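The normalize-then-correlate flow described above, as an added example that is not from the original article or any SIEM product: two constructed log formats are mapped onto one schema, and a brute-force rule fires an action when one source address fails authentication repeatedly across sources. The field names, the `throttle_and_alert` action and the threshold of four failures in 60 seconds are assumptions chosen for illustration.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events from two sources with different formats (not real logs).
RAW_EVENTS = [
    ("sshd", "2024-05-01T10:00:01 host1 sshd[311]: Failed password for root from 203.0.113.7 port 4242 ssh2"),
    ("sshd", "2024-05-01T10:00:05 host1 sshd[311]: Failed password for admin from 203.0.113.7 port 4243 ssh2"),
    ("webapp", '{"ts": "2024-05-01T10:00:09", "event": "login_failed", "user": "admin", "ip": "203.0.113.7"}'),
    ("sshd", "2024-05-01T10:00:12 host2 sshd[90]: Accepted password for alice from 198.51.100.4 port 5000 ssh2"),
    ("webapp", '{"ts": "2024-05-01T10:00:20", "event": "login_failed", "user": "root", "ip": "203.0.113.7"}'),
]

SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(source, raw):
    """Map a source-specific record onto one common schema, or None if unparsed."""
    if source == "sshd":
        m = SSHD_RE.match(raw)
        if not m:
            return None
        ts, result, user, ip = m.groups()
        outcome = "failure" if result == "Failed" else "success"
    elif source == "webapp":
        rec = json.loads(raw)
        ts, user, ip = rec["ts"], rec["user"], rec["ip"]
        outcome = "failure" if rec["event"] == "login_failed" else "success"
    else:
        return None
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "outcome": outcome, "user": user, "src_ip": ip}

def correlate(events, threshold=4, window=timedelta(seconds=60)):
    """Rule: threshold auth failures from one src_ip inside the window, across sources."""
    recent, actions = defaultdict(deque), []  # recent: src_ip -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        q = recent[ev["src_ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) == threshold:  # fire when the count reaches the threshold
            actions.append({"action": "throttle_and_alert", "src_ip": ev["src_ip"], "at": ev["ts"]})
    return actions

def run():
    """Normalize every sample event, then apply the correlation rule."""
    events = [e for e in (normalize(s, r) for s, r in RAW_EVENTS) if e]
    return correlate(events)
```

Neither source alone reaches the threshold here; the rule fires only because normalization lets the SSH and web application failures be counted against the same `src_ip`.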
SIEM benefits extend to organizations that use machine learning and artificial intelligence, as vendors are adding features that enhance SIEM capabilities against cyber and ransomware attacks.