Consolidation of two terms designating a software scope:
- SIM (Security information management) is information security management and
- SEM (Security event management) is security event management. The SIEM technology provides the analysis in real time of events (alarms) of security proceeding from network devices and applications.
For detection of already happened infections of which the company does not know yet there is a class of the systems of protection of SIEM (Security information and event management is information management and events in a security system). They analyze events in security systems, react to suspicious work of network equipment and applications, issue notifications about the made attacks. The best of them do it in real time. Experience of many suppliers of SIEM shows that often already pilot implementation reveals in networks of customers the different malware, including spywares which were not detected by other security aids.
Software products of category SIEM are capable to analyze a status of information security in IT systems, in real time, to generate notifications, to react to work of network equipment and applications. General problem of products of this category: the help to the companies in a question of rapid response to the made attacks, incidents in security systems and streamlining of the data processed within this task.
SIEM represents the improved system of detection of harmful activity and different system anomalies. Work of SIEM allows to see broader picture of activity of network and events of security. When normal sensors separately do not see the attack, but it can be detected in the careful analysis and correlation of information from different sources.
A SIEM system collects, analyzes and provides information from network devices, information security tools and information systems. Also
are a part of the system applications for control by identification and access, management tools vulnerabilities.