What is SIEM?

   I’m coming to you from beautiful downtown Mobile, and for today’s Tech Tip I want to talk to you about SIEM.

   SIEM stands for Security Information and Event Management. That’s a fancy term for a piece of software that lives on your machine that is recording all of the logs that are happening on your machine.
It’s talking about every time you log in, when you log out, if there are a bunch of, say, bad passwords being tried against your machine, if software was installed. Really, everything that your computer is doing, it’s being logged.

   Not only is it being logged, but oftentimes these are tied to a security operations center, where those logs are being taken and they’re being reviewed by artificial intelligence looking for anomalies. When these anomalies are found, they’re taking them and they can do things. They can call you on the phone; they can disconnect that machine from the network.

   This is something that we’re seeing more and more of as the requirements for compliance with SIEM and SOC combined. It’s a great feature. They’ve gotten these things where they’re very cost-effective. Even from a forensic standpoint, you can go back and have those logs analyzed so that you can show whether ten records were breached or 100,000 records were breached. This is very important whenever a security event happens that’s deemed a breach, so that you have your ongoing proof of what your users are doing, as well as what possibly could have been lost.

   If you’d like to talk and find out more about the advantages of SIEM and SOC, I’d be happy to. Just hit me up. Hope you’re having a great day out there. Keep it safe.

