SECURITY INFORMATION & EVENT MANAGEMENT (SIEM)
Security information and event management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyze events across disparate sources. The SIEM market is defined by the customer's need to analyze event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance.
SIEM technology aggregates event data produced by security devices, network infrastructure, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as NetFlow and network packets. Event data is combined with contextual information about users, assets, threats and vulnerabilities. The data is normalized, so that events, data and contextual information from disparate sources can be correlated and analyzed for specific purposes, such as network security event monitoring, user activity monitoring and compliance reporting. The technology provides real-time correlation of events for security monitoring, query and analytics for historical analysis and other support for incident investigation and compliance reporting.
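The pipeline described above (collect from disparate sources, normalize to a common schema, enrich with asset context, correlate) is easier to reason about in code. The following is an added illustration, not code from this page, from LogRhythm or from Gartner. Every log line, host name, IP address, the asset table and the brute-force threshold are constructed for the example; the schema field names and the rule name are assumptions chosen here, not any product's.

```python
"""
Minimal SIEM-style pipeline: normalize heterogeneous log lines into one schema,
enrich them with asset context, and run a correlation rule across sources.
All inputs below are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three source types: syslog sshd lines,
# a firewall key=value line, and a Windows-style security event as text.
RAW_LOGS = [
    "Mar 10 08:00:01 web01 sshd[4242]: Failed password for admin from 203.0.113.7 port 51000 ssh2",
    "Mar 10 08:00:03 web01 sshd[4242]: Failed password for admin from 203.0.113.7 port 51001 ssh2",
    "Mar 10 08:00:05 web01 sshd[4242]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
    "Mar 10 08:00:06 web01 sshd[4242]: Failed password for admin from 203.0.113.7 port 51003 ssh2",
    "Mar 10 08:00:09 web01 sshd[4242]: Accepted password for admin from 203.0.113.7 port 51004 ssh2",
    "2024-03-10T08:00:10Z fw01 action=deny src=198.51.100.9 dst=10.0.0.5 dport=445",
    "2024-03-10T08:00:12Z dc01 EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.20",
]

# Constructed asset context that the enrichment step joins onto each event.
ASSETS = {
    "web01": {"zone": "dmz", "criticality": "high"},
    "fw01": {"zone": "perimeter", "criticality": "high"},
    "dc01": {"zone": "internal", "criticality": "critical"},
}

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
KV_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kv>.*)$")


def normalize(line, year=2024):
    """Map one raw line onto a common schema (ts, host, src_ip, user, category, outcome).
    Returns None for lines no parser understands, so they can be counted, not dropped silently."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year
        return {"ts": ts, "host": m["host"], "src_ip": m["src"], "user": m["user"],
                "category": "auth",
                "outcome": "success" if m["result"] == "Accepted" else "failure"}
    m = KV_RE.match(line)
    if m:
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            return None  # unparseable timestamp: not one of our key=value sources
        fields = dict(tok.split("=", 1) for tok in m["kv"].split() if "=" in tok)
        if fields.get("EventID") == "4625":  # Windows "an account failed to log on"
            return {"ts": ts, "host": m["host"], "src_ip": fields.get("IpAddress"),
                    "user": fields.get("TargetUserName"), "category": "auth", "outcome": "failure"}
        if "action" in fields:
            return {"ts": ts, "host": m["host"], "src_ip": fields.get("src"), "user": None,
                    "category": "network", "outcome": fields["action"]}
    return None


def enrich(event):
    """Attach asset context; unknown hosts get an explicit marker rather than a silent gap."""
    event["asset"] = ASSETS.get(event["host"], {"zone": "unknown", "criticality": "unknown"})
    return event


def correlate_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Rule (assumed name "brute_force_success"): at least `threshold` auth failures from one
    src_ip to one host inside `window`, followed by a success from that src_ip, raises an alert."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["category"] == "auth":
            by_key[(e["src_ip"], e["host"])].append(e)
    alerts = []
    for (src, host), seq in by_key.items():
        failures = []
        for e in seq:
            if e["outcome"] == "failure":
                # keep only failures still inside the sliding window
                failures = [f for f in failures if e["ts"] - f["ts"] <= window] + [e]
            elif e["outcome"] == "success" and len(failures) >= threshold:
                alerts.append({"rule": "brute_force_success", "src_ip": src, "host": host,
                               "user": e["user"], "failures": len(failures),
                               "criticality": e["asset"]["criticality"]})
                failures = []
    return alerts


def run_pipeline(raw_lines):
    """Collect -> normalize -> enrich -> correlate; returns (events, alerts)."""
    events = [enrich(ev) for ev in (normalize(l) for l in raw_lines) if ev]
    return events, correlate_brute_force(events)


if __name__ == "__main__":
    evs, alerts = run_pipeline(RAW_LOGS)
    print(f"{len(evs)} normalized events, {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
```

The point of the normalization step is that the correlation rule never sees an sshd line or a Windows event ID; it only sees `category`, `outcome`, `src_ip` and `host`, so the same rule fires whether the failures came from a Linux host or a domain controller. The asset join is what lets the alert carry a criticality for triage without the rule knowing anything about the inventory.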
Using LogRhythm for your SIEM needs
LogRhythm's SIEM can be deployed in an appliance, software or virtual instance format and supports an n-tier, scalable, decentralized architecture composed of the Platform Manager, AI Engine, Data Processors, Data Indexers and Data Collectors. Consolidated all-in-one deployments are also possible. System Monitor and Network Monitor can optionally be deployed to provide endpoint and network forensic capabilities such as system process and file integrity monitoring, NetFlow monitoring, deep packet inspection (DPI) and full-packet capture. LogRhythm combines event, endpoint and network monitoring capabilities with user and entity behavior analytics (UEBA) features, an integrated incident response workflow, and automated response capabilities.
According to Gartner, “LogRhythm is an especially good fit for organizations that require integrated advanced threat monitoring capabilities in combination with SIEM. Those organizations with resource-restricted security teams requiring a high degree of automation and out-of-the-box content should also consider LogRhythm.”