Security information and event management systems operate by automatically collecting, analyzing and acting on data from an IT environment. Traditional SIEM use cases include log reporting and malware protection, but SIEM can also help trace cyberattacks.
Organizations can use the logging capabilities of SIEM tools to bring together data from dissimilar devices across a network and normalize it. This offers easier and more effective analysis to identify any issues across the organization’s platform.
Organizations can also use SIEM tools to pattern-match activity and workloads for signs of malicious intent, then stop attacks before they can take hold. This SIEM use case is especially compelling because signature-based antivirus systems cannot keep pace with new malware hitting the wires. Denial-of-service activity, brute-force username/password attacks and other external attacks can affect the performance of an organization's platforms. SIEM tools can help find the root cause of performance issues caused by heavy network traffic so that the traffic can be offloaded to maintain performance.
SIEM tools can also help identify and locate security issues across a platform using pattern-matching algorithms, log aggregation, analysis and reporting through reports or dashboards, so that such issues can be picked up and rectified far faster than through manual means.
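The two capabilities described above, normalizing logs from dissimilar sources into one schema and then running a pattern-matching rule over the aggregated events, are illustrated by the following added example. It is not code from the original article or from any SIEM product; the log lines are constructed samples in two made-up formats (a Linux sshd syslog line and a hypothetical firewall key=value line), and the brute-force rule (five or more failed logins from one source within 60 seconds, across all reporting devices) is an assumed threshold.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data), in two unrelated formats:
# Format A: Linux sshd via syslog.  Format B: a hypothetical firewall's key=value log.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z host1 sshd[812]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "2024-03-01T10:00:03Z host1 sshd[812]: Failed password for root from 203.0.113.5 port 50123 ssh2",
    "2024-03-01T10:00:05Z host1 sshd[812]: Failed password for admin from 203.0.113.5 port 50124 ssh2",
    "ts=2024-03-01T10:00:07Z dev=fw1 action=auth_fail user=admin src=203.0.113.5 proto=ssh",
    "ts=2024-03-01T10:00:09Z dev=fw1 action=auth_fail user=admin src=203.0.113.5 proto=ssh",
    "2024-03-01T10:00:20Z host2 sshd[990]: Accepted password for alice from 198.51.100.7 port 41000 ssh2",
    "ts=2024-03-01T10:05:00Z dev=fw1 action=auth_fail user=bob src=198.51.100.9 proto=ssh",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(value):
    """ISO-8601 timestamp with a trailing Z -> timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize(line):
    """Map a raw line from either source onto one common schema, or None if unrecognised.
    Normalizing first is what lets one rule see failures reported by different devices."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "ts": parse_ts(m["ts"]),
            "device": m["host"],
            "user": m["user"],
            "src": m["src"],
            "outcome": "fail" if m["outcome"] == "Failed" else "success",
        }
    kv = dict(KV_RE.findall(line))
    if "action" in kv and "src" in kv and "ts" in kv:
        return {
            "ts": parse_ts(kv["ts"]),
            "device": kv.get("dev", "?"),
            "user": kv.get("user", "?"),
            "src": kv["src"],
            "outcome": "fail" if kv["action"] == "auth_fail" else "success",
        }
    return None


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window rule: alert once per source IP when it produces `threshold` or
    more failed logins within `window`, regardless of which device reported them."""
    recent = defaultdict(list)   # src -> timestamps of failures still inside the window
    alerts = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] != "fail":
            continue
        times = recent[e["src"]]
        times.append(e["ts"])
        # Expire failures that fell out of the window relative to this event.
        while times and e["ts"] - times[0] > window:
            times.pop(0)
        if len(times) >= threshold and e["src"] not in alerts:
            alerts[e["src"]] = {
                "src": e["src"],
                "count": len(times),
                "first": times[0],
                "last": e["ts"],
            }
    return list(alerts.values())


def run(lines):
    """Normalize every line, drop what no parser understands, and apply the rule."""
    events = [e for e in (normalize(l) for l in lines) if e is not None]
    return detect_bruteforce(events)


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS):
        print(f"ALERT brute force from {alert['src']}: {alert['count']} failures "
              f"between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}")
```

The point to notice is that three of the five failures come from the sshd host and two from the firewall; neither source alone crosses the threshold, and only the normalized, aggregated view does. In a production rule the window and threshold would be tuned against the environment's baseline of legitimate mistyped passwords.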
Other SIEM use cases
These are relatively basic SIEM use cases, but there are also advanced SIEM capabilities. Organizations can use SIEM tools to identify cyberattack patterns and trace the origin of the attacks. Government bodies can also use SIEM to identify attack targets.
Most SIEM use cases deal with identifying malicious activity coming from outside an organization, but the tools can also identify malicious activity from employees, contractors and consultants within an organization.
SIEM can help identify traffic to specific sites via normal or less accepted transport mechanisms, as well as traffic that is encrypted where it shouldn't be.
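The following added example shows one way a SIEM rule can spot the last two cases, traffic using a transport other than the one expected on a port and traffic that is encrypted where cleartext is expected. It is not code from the original article or from any SIEM product; the flow records are constructed, the expected-protocol-per-port policy table is an assumption, and the protocol classifier only fingerprints the first bytes of a TCP payload (a TLS handshake record header versus an HTTP request line).

```python
# Constructed flow records (not real captures): source, destination, destination port,
# and the first bytes of the client's TCP payload.
SAMPLE_FLOWS = [
    ("10.0.0.5", "198.51.100.20", 443, b"\x16\x03\x01\x00\xf5\x01\x00\x00\xf1\x03\x03"),  # TLS on 443: expected
    ("10.0.0.5", "198.51.100.20", 80, b"GET / HTTP/1.1\r\nHost: example.net\r\n"),          # HTTP on 80: expected
    ("10.0.0.9", "203.0.113.44", 80, b"\x16\x03\x03\x00\xc4\x01\x00\x00\xc0\x03\x03"),    # TLS on 80: encrypted where cleartext is expected
    ("10.0.0.9", "203.0.113.44", 8443, b"POST /upload HTTP/1.1\r\nHost: drop.example\r\n"),  # cleartext on a TLS port
    ("10.0.0.12", "203.0.113.44", 53, b"\x16\x03\x01\x00\x40\x01\x00\x00\x3c\x03\x03"),   # TLS on the DNS port
]

# Assumed policy: which protocol the organization expects on each monitored port.
EXPECTED_BY_PORT = {80: "http", 443: "tls", 8443: "tls", 53: "dns"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_payload(data):
    """Cheap protocol fingerprint from the first bytes of a payload.
    A TLS record starts with content type 0x16 (handshake) and version 0x03xx."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def audit_flows(flows, expected=EXPECTED_BY_PORT):
    """Return one finding per flow whose observed protocol contradicts the port policy.
    Ports not in the policy table are ignored rather than guessed at."""
    findings = []
    for src, dst, port, payload in flows:
        want = expected.get(port)
        if want is None:
            continue
        observed = classify_payload(payload)
        if observed == want:
            continue
        if observed == "tls":
            reason = f"encrypted traffic on port {port}, where {want} is expected"
        else:
            reason = f"{observed} traffic on port {port}, where {want} is expected"
        findings.append({"src": src, "dst": dst, "port": port,
                         "observed": observed, "expected": want, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"FINDING {f['src']} -> {f['dst']}:{f['port']} {f['reason']}")
```

A first-bytes classifier is deliberately coarse; a real deployment would feed the same rule from a network sensor's protocol detection and would correlate repeated findings for one destination, since a single flagged flow is far less interesting than a host that keeps reaching the same site over the wrong transport.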
Related Q&A from Clive Longbottom