Security Information and Event Management

What is SIEM?

SIEM is a concept for getting a better, global overview of what is happening in your infrastructure. It is not only a technical matter; it also covers the company's demands and needs from an organizational point of view. You define what you need from your departments and your infrastructure, set up processes that keep an eye on that, and configure automatic reactions for when something happens.

So for example:

  • You monitor the temperature in your office and server rooms and want to know if it rises above a limit
  • On one of your switches an interface is going up and down every few seconds – usually that is not a good sign
  • One of your users tried too often to log in with a wrong password
  • Some IP address tries very often to reach a service that simply does not exist on your servers
  • One of your clients makes a million nameserver queries within a few minutes

Each of these aspects could harm the security of your infrastructure and/or the company itself, so with SIEM you keep an eye on everything that is happening and define events for whatever you think you should know about.
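The detection side of the failed-login, port-probing and DNS scenarios above, as an added example that is not part of the original article: a small sliding-window rule engine that raises an alert when one user, source IP or DNS client exceeds a threshold within a time window. The event format, field names, thresholds and sample events are all constructed for illustration.

```python
"""Sliding-window threshold rules over constructed log events.

Added example, not code from the original article: the event fields,
rule thresholds and sample events below are all constructed.
"""
from collections import defaultdict, deque

# Rule: (event_type, key_field, threshold, window_seconds, alert_name).
# Thresholds are illustrative; tune them against your own baseline.
RULES = [
    ("auth_failure", "user", 5, 60, "repeated failed logins"),
    ("conn_refused", "src_ip", 10, 60, "probing of non-existent services"),
    ("dns_query", "client", 20, 30, "DNS query burst"),
]

def evaluate(events, rules=RULES):
    """Return (ts, alert_name, key) whenever a rule's count of matching events
    for one key reaches the threshold within the window. Events are dicts
    with a numeric "ts" (seconds), sorted by it. After an alert the counter
    for that key restarts, so a long burst yields one alert per window."""
    windows = defaultdict(deque)  # (rule index, key) -> timestamps in window
    alerts = []
    for ev in events:
        for i, (etype, field, threshold, window, name) in enumerate(rules):
            if ev["type"] != etype:
                continue
            q = windows[(i, ev[field])]
            q.append(ev["ts"])
            while q and q[0] <= ev["ts"] - window:  # drop expired entries
                q.popleft()
            if len(q) >= threshold:
                alerts.append((ev["ts"], name, ev[field]))
                q.clear()
    return alerts

# Constructed sample: a brute-force-like login pattern, a normal user's
# occasional typos, a scanner hitting closed ports, and a DNS query storm.
SAMPLE_EVENTS = sorted(
    [{"ts": t, "type": "auth_failure", "user": "alice"} for t in range(100, 130, 5)]
    + [{"ts": t, "type": "auth_failure", "user": "bob"} for t in (100, 400, 700)]
    + [{"ts": 200 + t, "type": "conn_refused", "src_ip": "203.0.113.7"} for t in range(12)]
    + [{"ts": 300 + t // 3, "type": "dns_query", "client": "10.0.0.5"} for t in range(25)],
    key=lambda e: e["ts"],
)

if __name__ == "__main__":
    for ts, name, key in evaluate(SAMPLE_EVENTS):
        print(f"t={ts}: {name} ({key})")
```

Running it prints one alert each for alice, the scanning IP and the DNS client, while bob's three spread-out typos stay below the threshold.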

For analyzing and reacting, more and more artificial intelligence is being used nowadays. These systems learn what is still normal and what they should take care of, what they can handle themselves and when a real person should be notified.