A Security Event Manager (SEM) is an automated tool used on corporate data networks to centralize the storage and analysis of logs, or events, generated by other software running on the network.
SEM is a relatively new idea, first introduced in 1999 by a small company called e-Security, and as of 2010 SEMs are not yet fully developed. Only one or two years ago they were called Security Information Managers (SIM), and they are also called Security Information and Event Managers (SIEM). Alongside them there is a neighboring but somewhat different market for log management. Although these two areas are closely linked, log management usually focuses on the collection and storage of data, while SEM focuses on data analysis. Some vendors specialize in one market or the other, and some do both or offer complementary products.
Many systems and applications that run on a computer network generate events, which are recorded in event logs. These logs are essentially lists of activities that took place, with new event records appended to the end of the logs as they occur. Protocols such as SNMP and syslog can be used to transport these events, as they occur, to logging software that does not run on the same computer on which the events are generated. The best SEMs support a flexible range of communication protocols to allow the most diverse event collection possible.
It is beneficial to send all events to a central SEM system for the following reasons:
* Access to all logs can be provided through a consistent central interface
* The SEM can provide secure, forensically sound storage and archiving of event logs (this is also a traditional log management function)
* Powerful reporting tools can be run on the SEM to mine the logs for useful information
* Events can be analyzed for significance as they reach the SEM, and alerts can be sent immediately to interested parties when warranted
* Related events that occur on multiple systems can be detected, which would be impossible if each system kept a separate log
* Events sent from a system to the SEM remain on the SEM even if the sending system fails or its logs are erased accidentally or intentionally
In addition to collecting and storing data, SEMs differ from simple log management tools by providing a deeper level of analysis of events. This can include attaching contextual information such as host information (value, owner, location, etc.), identity information (user information related to accounts, such as first/last name, employee ID, manager's name, etc.), and so on. This contextual information can be used to improve correlation and reporting.
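The cross-system detection and host-context enrichment described above can be sketched as follows. This is an added example, not code from any SEM product; the log format, the asset inventory and the thresholds are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as three hosts might forward them to a central SEM.
EVENTS = """\
2010-07-11T09:00:01 web01 sshd: Failed password for root from 203.0.113.7
2010-07-11T09:00:20 db01 sshd: Failed password for admin from 203.0.113.7
2010-07-11T09:00:41 web01 sshd: Accepted password for alice from 198.51.100.4
2010-07-11T09:01:05 mail01 sshd: Failed password for root from 203.0.113.7
2010-07-11T09:30:00 web01 sshd: Failed password for bob from 198.51.100.9
""".splitlines()

# Hypothetical asset inventory supplying the host context (value, owner, location).
ASSETS = {
    "web01": {"value": "medium", "owner": "web-team", "location": "dmz"},
    "db01": {"value": "high", "owner": "dba-team", "location": "core"},
    "mail01": {"value": "medium", "owner": "it-ops", "location": "dmz"},
}

LINE = re.compile(r"(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
                  r"password for (?P<user>\S+) from (?P<src>\S+)")

def parse(line):
    """Normalize one raw line into an event dict enriched with host context."""
    m = LINE.match(line)
    if not m:
        return None  # unparsed lines are skipped here; a real SEM would keep them
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["asset"] = ASSETS.get(ev["host"], {"value": "unknown"})
    return ev

def correlate(lines, min_hosts=3, window=timedelta(minutes=5)):
    """Alert when one source fails logins on >= min_hosts hosts inside window."""
    by_src = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        if ev["result"] == "Failed":
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            hits = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            hosts = sorted({e["host"] for e in hits})
            if len(hosts) >= min_hosts:
                sev = "high" if any(e["asset"]["value"] == "high" for e in hits) else "medium"
                alerts.append({"src": src, "hosts": hosts, "severity": sev})
                break  # one alert per source
    return alerts
```

Run against only the web01 lines, the same rule raises nothing, which is the point of the list item on related events: each host on its own sees a single failed login from that source.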
SEMs can also be integrated with external remediation, ticketing and workflow tools to assist in the process of resolving problems. The better SEMs provide a flexible, extensible set of integration options to ensure that the SEM works in most customer environments.
As SEM implementations move beyond capturing events from infrastructure such as routers, switches, servers, firewalls and others, there is a need to adequately monitor business-critical applications. Because most applications, especially those developed internally or by third-party software developers, lack detailed logging, integrating these sensitive products into a SEM has become a challenge. Possible solutions to this challenge revolve around network-based capture technologies, among others.
SEMs are often sold to help meet U.S. regulatory requirements such as Sarbanes-Oxley and PCI DSS. In general, the solutions these products provide cover only the monitoring and analysis of business computing activities. A SEM is no "magic bullet" for compliance, but it may help to produce useful reports for a limited number of controls.
Commercial products with SEM components include AccelOps, NitroSecurity, LogLogic, RSA Security, Novell, TriGeo, Q1Labs QRadar, Prism EventTracker, ArcSight, Splunk, SenSage, Cisco, Snare, Tripwire, Logic and others.
Open-source SEM products include:
* LogZilla - log analysis and graphical tool
* OSSIM (free, open source, with commercial AlienVault modules)
* Prelude
Sunday, July 11, 2010
Security Event Manager