In addition to traditional security devices such as firewalls and intrusion detection systems, most systems on a typical network can generate security events. Examples of security events include authentication events, audit events, intrusion events and anti-virus events. These events are usually stored in system logs, security logs or database tables.
Many organizations have security policies or regulations that require security events to be monitored and security logs to be reviewed to identify gaps in security. The information recorded in security logs is often critical for reconstructing the sequence of events when investigating an incident, and monitoring security logs can identify problems that would otherwise be missed. The problem is that the amount of information generated by security devices and systems can be very large, and manual review is generally not practical. Security Event Management (SEM, or SIM, Security Information Management) addresses this problem by automatically analyzing that information to deliver actionable alerts. In a nutshell, security event management deals with the collection, transport, storage, monitoring and analysis of security events.
Introduction
If successfully implemented, a security event management solution can benefit a security operations team that oversees the security infrastructure. Implementing SEM can alleviate much of the need for hands-on monitoring of security systems such as intrusion detection systems, which usually means staring at a console or logs for long periods. This allows the security monitoring team to spend less time watching consoles and more time on other tasks, such as improving incident response capabilities.
This improvement is achieved by implementing rules in the SEM system that mimic the know-how or techniques used by security practitioners when reviewing security events on a console or in a log. The SEM system can even go further and look for patterns in the data that human analysis would not detect, such as "low and slow" (intentionally stealthy) attacks. Building this intelligence into the system is no easy task, and it may take several months to begin to realize the benefits of implementing an SEM system.
When planning a management solution for security events, the following should be considered:
* Which systems should be monitored for security events?
* Which events are important, and what information should be collected from the logs?
* Time synchronization, time zone offsets and daylight saving time (DST)
* Where, how and for how long should the logs be stored?
* The security and integrity of logs during collection and transport
* Using the SEM system as a system of record
* How should security events be processed to generate meaningful metrics or alerts?
* Tuning the system to improve effectiveness and reduce false alarms
* Monitoring procedures
* Requirements for selecting a commercial security event management solution
The remainder of this chapter describes the factors involved in the planning and implementation of a security event management (SEM) system, and factors to consider when buying a commercial SEM.
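The sketch below is an added example, not code from the original chapter or from any SEM product. It ties together the time zone point in the planning list and the "low and slow" rule described above: events are normalized to UTC, then a short-window burst rule is compared with a long-window rule. The log format, thresholds and addresses are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BURST = (3, timedelta(minutes=5))  # assumed rule: 3 failures within 5 minutes
SLOW = (4, timedelta(hours=24))    # assumed rule: 4 failures within 24 hours

# Constructed sample: timestamp with the reporting device's UTC offset, source, event.
SAMPLE_LOG = """\
2010-07-11T09:00:10+00:00 203.0.113.9 auth_failure
2010-07-11T14:00:00+02:00 198.51.100.7 auth_failure
2010-07-11T09:01:30+00:00 203.0.113.9 auth_failure
2010-07-10T23:00:00-05:00 198.51.100.7 auth_failure
2010-07-11T09:03:00+00:00 203.0.113.9 auth_failure
2010-07-11T08:00:00+00:00 198.51.100.7 auth_failure
2010-07-11T02:00:00+02:00 198.51.100.7 auth_failure
2010-07-11T08:20:00+00:00 192.0.2.44 auth_failure
"""

def parse_events(text):
    """Parse lines into (utc_time, source, event), sorted by UTC time."""
    rows = (line.split() for line in text.splitlines())
    return sorted((datetime.fromisoformat(ts).astimezone(timezone.utc), src, ev)
                  for ts, src, ev in rows)

def max_in_window(times, window):
    """Largest count of sorted timestamps that fit in one sliding window."""
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify(events):
    """Map each source to 'burst' or 'low_and_slow'; quiet sources are omitted."""
    failures = defaultdict(list)
    for utc, source, event in events:
        if event == "auth_failure":
            failures[source].append(utc)
    verdicts = {}
    for source, times in failures.items():
        if max_in_window(times, BURST[1]) >= BURST[0]:
            verdicts[source] = "burst"
        elif max_in_window(times, SLOW[1]) >= SLOW[0]:
            verdicts[source] = "low_and_slow"
    return verdicts

if __name__ == "__main__":
    print(classify(parse_events(SAMPLE_LOG)))
```

The second source never exceeds one failure in any five-minute window, so only the 24-hour rule flags it, and the ordering of its events is correct only after the mixed offsets are converted to UTC.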
Sunday, July 11, 2010
Security Event Management