bluebay2014 - Fotolia
SIEM benefits include automatic monitoring of many IT components and increased protection against malicious activity.
IT administrators must monitor many components on a regular basis. Consider the volume of assets admins have direct control over: networking switches, firewalls and appliances; bare-metal, converged and hyper-converged, and physical or virtual servers; physical and virtual storage; and PCs, tablets and smartphones. All this technology can reside anywhere, such as in a corporate data center, a colocation facility or in the cloud.
SIEM tools aggregate information from all of these components via log files, simple network management protocol traps and associated management information base file stream analytics. It then normalizes the data so analysis can identify abnormal activity, which can come from poorly written code causing memory leaks, CPU overloads or malicious attacks, such as distributed denial-of-service attacks, brute force security attacks or attempts to load malware onto the platform.
SIEM benefits busy administrators
SIEM tools can create rule associations and trigger actions that address security concerns, which reduce management workloads for administrators. These actions block or throttle activity by offloading suspicious activity to a less mission-critical area or by alerting the administrator. They can also include immediate remediation through intelligent platform changes that cause malicious activity to fail. In this way, SIEM benefits administrators because they do not have to focus on responding to and mitigating alerts.
SIEM benefits extend to organizations that use machine learning and artificial intelligence, as vendors are adding features that enhance SIEM capabilities against cyber and ransomware ransomware attacks.
Dig Deeper on Best practices for data center operations
Related Q&A from Clive Longbottom
IT departments can integrate AI capabilities with their data center management workflows using machine learning algorithms that enable admins to ... Continue Reading
How can you maintain network security beyond the standard firewall and blacklisting tactics? Encryption and digital rights management can ensure ... Continue Reading
SIEM tools help organizations detect and mitigate malware and viruses, but they also allow administrators to offload traffic when an attack hampers ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.