{"id":13780,"date":"2021-01-08T15:39:22","date_gmt":"2021-01-08T14:39:22","guid":{"rendered":"https:\/\/www.kogit.de\/?page_id=13780"},"modified":"2021-01-08T15:44:37","modified_gmt":"2021-01-08T14:44:37","slug":"security-information-event-management","status":"publish","type":"page","link":"https:\/\/www.kogit.de\/en\/services\/security-information-event-management\/","title":{"rendered":"Security Information & Event Management"},"content":{"rendered":"

[vc_row full_content_width=”row-inner-full” top=”0px” bottom=”0px”][vc_column][vc_raw_html]JTNDc3R5bGUlM0UlMEEucGFnZS1oZWFkZXIlMjAlN0IlMEElMjAlMjAlMjAlMjBiYWNrZ3JvdW5kJTNBJTIwdXJsJTI4JTJGd3AtY29udGVudCUyRnVwbG9hZHMlMkYyMDIwJTJGMTAlMkZzaHV0dGVyc3RvY2tfNjY4NDY5OTQzLXNjYWxlZC5qcGclMjklMjBjZW50ZXIlMjB0b3AlM0IlMjBiYWNrZ3JvdW5kLXJlcGVhdCUzQSUyMG5vLXJlcGVhdCUzQiUyMGJhY2tncm91bmQtc2l6ZSUzQWNvdmVyJTBBJTdEJTBBJTNDJTJGc3R5bGUlM0UlMEE=[\/vc_raw_html][\/vc_column][\/vc_row][vc_row top=”40px” bottom=”10px”][vc_column][vc_heading subtitle=”Real-time analysis of security incidents with SIEM” subtitle_tag=”h2″ divider=”div-between” divider_color=”#f39100″ css_animation=”bottom-to-top”][\/vc_column][\/vc_row][vc_row top=”10px” bottom=”20px”][vc_column][vc_column_text]Security Information and Event Management (SIEM) solutions help organizations with threat detection, regulatory compliance and incident management in IT security in general.[\/vc_column_text][\/vc_column][\/vc_row][vc_row top=”10px” bottom=”20px”][vc_column][vc_column_text]<\/p>\n

Structure of a SIEM<\/h4>\n

SIEM solutions primarily collect and analyse data from various security events, data from other IT events and information for further context-related evaluation. For this purpose they offer the collection and storage of event and log data, their normalization, correlation and analysis as well as log management. Classic SIEM solutions usually fail to provide advanced analysis with the greatest possible degree of automation, supported by methods from the field of Artificial Intelligence (AI\/KI), usually by means of machine learning. This is exactly where highly exciting use cases for access analytics arise. This ranges from the detection of threat scenarios in IAM or PAM systems, the mitigation of attacks by the IAM to the automation of IAM processes.[\/vc_column_text][\/vc_column][\/vc_row][vc_row top=”10px” bottom=”20px”][vc_column][vc_column_text]\"\"<\/p>\n

The previous diagram gives an insight into the system components of a SIEM. The lower part of the graphic shows all external event sources. This includes the data\/events of all connected systems. The SIEM system first stores and standardizes all data available to it and creates a timeline if necessary. Thus, the data can also be used for forensic analysis. The external event sources (some are received passively, some are collected actively by agents) are analyzed, classified and checked for business relevance (data enrichment) by the data collectors. These steps are important to put the data into a company-specific context (network areas, departments, etc.).<\/p>\n

In the upper part of the graphic the individual system components of a SIEM are listed. All these components communicate bidirectionally with the message bus, thus implementing the principle of “near real time”, i.e. availability of all events & alarms almost in real time for all components of the SIEM system.<\/p>\n