Security Information Management (SIM)
- Specialized security software which helps collect, monitor and analyse security events
- Collects data from logs and translates it into an easily usable format
- Monitor events in real time
- Generate and send alerts and reports
- Automate incident response
- Correlation of data from multiple sources
- Translation of event logs
- Easy to deploy
- Store and analyze large volumes of data
- Fast and efficient analysis
- Correlate logs and events to provide the most accurate overview of the system
- Allows for easy threat management
- Can be expensive
- No guarantee that they adapt properly to the working environment
- Not all vendors offer full technical support
Security Event Management (SEM)
- Specialized in the identification, collection, monitoring, evaluation, notification and real-time correlation of events and alerts
- Used to identify suspicious behaviour
- Real time monitoring
- Obtains security events from devices and applications within the system
- Correlation of events provides a clear picture of the system
- Analyze logs
- Real time incident response
- Centralization of information
- Reduction of false positives
- Improvement in response time
- Hard to deploy
- High cost (although the investment can prevent failures)
Security Information and Event Management (SIEM)
- Aggregates and analyzes information
- Combination of SIM and SEM
- Devices are configured to send their logs to the SIEM
- Advanced threat detection
- Forensics and incident response
- Compliance reporting and auditing
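To make the collect, translate, correlate and alert chain described in the SIM, SEM and SIEM notes above concrete, here is an added Python example; it is not code from the original notes or from any SIEM product. It assumes a constructed set of sshd syslog lines and Windows-style logon events (all host names, users and IP addresses are made up), a hypothetical common event schema, a 5-minute correlation window, a threshold of three failed logons, and an allowlist standing in for an authorised vulnerability scanner as the false-positive reduction step.

```python
# Toy SIEM pipeline: collect -> translate (normalise) -> correlate -> alert.
# Added illustration only; all log lines, hosts, users and IPs are constructed sample data.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw logs from two sources whose formats differ (syslog vs key=value export).
SAMPLE_LOGS = [
    ("syslog", "Mar 10 09:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.5 port 51022 ssh2"),
    ("winevt", "2024-03-10T09:00:02Z EventID=4625 Host=fs01 User=jsmith SrcIP=203.0.113.5 Status=0xC000006D"),
    ("syslog", "Mar 10 09:00:03 web01 sshd[2201]: Failed password for root from 203.0.113.5 port 51023 ssh2"),
    ("syslog", "Mar 10 09:00:04 web01 sshd[2201]: Failed password for admin from 203.0.113.5 port 51024 ssh2"),
    ("winevt", "2024-03-10T09:00:05Z EventID=4625 Host=fs01 User=svc_scan SrcIP=198.51.100.9 Status=0xC000006D"),
    ("winevt", "2024-03-10T09:00:06Z EventID=4625 Host=fs01 User=svc_scan SrcIP=198.51.100.9 Status=0xC000006D"),
    ("winevt", "2024-03-10T09:00:07Z EventID=4625 Host=fs01 User=svc_scan SrcIP=198.51.100.9 Status=0xC000006D"),
    ("syslog", "Mar 10 09:00:20 db01 sshd[900]: Accepted password for backup from 203.0.113.5 port 51030 ssh2"),
    ("winevt", "2024-03-10T09:05:00Z EventID=4624 Host=fs01 User=svc_scan SrcIP=198.51.100.9 LogonType=3"),
    ("syslog", "Mar 10 09:06:00 web01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)"),  # not a logon event
]

SYSLOG_SSHD = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
WINEVT = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")
SYSLOG_YEAR = 2024  # assumption: classic syslog timestamps carry no year


def normalise(source, line):
    """Translate one raw line into the common schema; None if it is not a logon event."""
    if source == "syslog":
        m = SYSLOG_SSHD.match(line)
        if not m:
            return None
        return {
            "ts": datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"], "user": m["user"], "src_ip": m["ip"], "source": source,
            "outcome": "success" if m["outcome"] == "Accepted" else "failure",
        }
    if source == "winevt":
        m = WINEVT.match(line)
        if not m:
            return None
        kv = dict(p.split("=", 1) for p in m["kv"].split())
        if kv.get("EventID") not in ("4624", "4625"):  # 4624 = logon ok, 4625 = logon failed
            return None
        return {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": kv["Host"], "user": kv["User"], "src_ip": kv["SrcIP"], "source": source,
            "outcome": "success" if kv["EventID"] == "4624" else "failure",
        }
    return None


WINDOW = timedelta(minutes=5)
FAIL_THRESHOLD = 3
TRUSTED_SCANNERS = {"198.51.100.9"}  # constructed allowlist: an authorised vulnerability scanner


def correlate(events, trusted=TRUSTED_SCANNERS):
    """Cross-source rule: >= FAIL_THRESHOLD failures from one IP inside WINDOW, then a success."""
    alerts = []
    recent_failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["src_ip"] in trusted:
            continue  # false-positive reduction: known scanners never raise this rule
        hist = recent_failures[ev["src_ip"]]
        hist[:] = [f for f in hist if ev["ts"] - f["ts"] <= WINDOW]  # slide the window forward
        if ev["outcome"] == "failure":
            hist.append(ev)
        elif len(hist) >= FAIL_THRESHOLD:
            alerts.append({
                "rule": "brute_force_then_success",
                "src_ip": ev["src_ip"],
                "failures": len(hist),
                "hosts": sorted({f["host"] for f in hist} | {ev["host"]}),
                "sources": sorted({f["source"] for f in hist} | {ev["source"]}),
                "success_user": ev["user"],
                "ts": ev["ts"],
            })
            hist.clear()
    return alerts


def run_pipeline(raw_logs=SAMPLE_LOGS, trusted=TRUSTED_SCANNERS):
    """Collect -> normalise -> correlate; returns (normalised events, alerts)."""
    events = []
    for source, line in raw_logs:
        ev = normalise(source, line)
        if ev is not None:
            events.append(ev)
    return events, correlate(events, trusted)


if __name__ == "__main__":
    events, alerts = run_pipeline()
    print(f"{len(SAMPLE_LOGS)} raw lines -> {len(events)} normalised logon events")
    for a in alerts:
        print(f"ALERT {a['rule']}: {a['src_ip']} failed {a['failures']}x on {a['hosts']} "
              f"({'+'.join(a['sources'])}), then logged in as {a['success_user']} at {a['ts']:%H:%M:%S}")
```

Neither source alone shows the attack: the Linux hosts see three failures and a success, the Windows host sees one more failure from the same address, and only the normalised, cross-source view reaches the threshold. Passing `trusted=set()` to `run_pipeline` shows the other half of the point: the scanner's three failures and later logon then produce a second alert, which is exactly the false positive the allowlist suppresses.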
Examples of SIEM products
- Graylog (open source and enterprise versions)
- ArcSight
- QRadar
- LogRhythm
- Splunk