Security Event Manager

A Security Event Manager (SEM) is a software tool used on enterprise data networks to centralize the storage and interpretation of logs, or events, generated by other software running on the network. (Reference: Preparing for Security Event Management, http://www.windowsecurity.com/uplarticle/NetworkSecurity/360is-prep-sem.pdf)

SEMs are a relatively new idea, pioneered in 1999 by a small company called e-Security, and as of late 2005 were still evolving rapidly. A year or two earlier they were called Security Information Managers (SIMs); they are also called Security Information and Event Managers (SIEMs). SEMs can help satisfy U.S. regulatory requirements such as those of the Sarbanes-Oxley Act, which require (among other things) that certain events, such as accesses to systems and modifications to data, be logged and that the logs be retained for a specified period of time.

Many systems and applications which run on a computer network generate events which are kept in event logs. These logs are essentially lists of events, with records of new events appended to the end as they occur. Well-defined protocols, such as Syslog and SNMP, can be used to forward these events, as they occur, to logging software on a different host from the one that generated them. Note that classic BSD syslog travels over UDP with no encryption, authentication or delivery guarantee, so the trustworthiness of a central log depends on how events reach it as much as on how they are stored once there.

It is beneficial to send all events to a centralized SEM system for the following reasons:
* Access to all logs can be provided through a consistent central interface
* The SEM can provide secure, forensically sound (tamper-evident) storage and archival of event logs
* Powerful reporting tools can be run on the SEM to mine the logs for useful information
* Events can be parsed for significance as they arrive at the SEM, and alerts and notifications sent immediately to interested parties as warranted
* Related events which occur on multiple systems can be detected, which would be impossible if each system kept only its own separate log
* Events which have been sent from a system to the SEM remain on the SEM even if the sending system fails or the logs on it are accidentally or intentionally erased
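The forwarding, storage and correlation flow described above, as an added Python example that is not part of the original article and not any vendor's product code: constructed RFC 3164-style syslog lines from several hosts are ingested into an append-only store whose records are chained by SHA-256 (one simple way to make the store tamper-evident, offered as an illustration of the "forensically sound storage" point rather than the only way), parsed into facility, severity, host and message, and evaluated against two rules: an immediate alert on critical severity, and a cross-host rule that fires when one source address fails logins on three or more different hosts within five minutes. The host names, addresses, thresholds and log lines are all invented for the demonstration.

```python
# Added example (not from the original article). Toy centralized event store:
# syslog parsing, hash-chained records and cross-host correlation.
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# RFC 3164-style line: "<PRI>Mmm dd hh:mm:ss host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# OpenSSH authentication-failure message; we need the user and source address.
FAILED_LOGIN_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
WINDOW = timedelta(minutes=5)   # correlation window (assumed value)
MIN_HOSTS = 3                   # distinct targets before alerting (assumed value)
GENESIS = "0" * 64              # "previous hash" for the first record


def parse_syslog(line, year=2005):
    """Split a BSD syslog line into fields. PRI encodes facility*8 + severity;
    the timestamp carries no year, so one must be supplied by the receiver."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "time": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": m.group("pid"),
        "msg": m.group("msg"),
    }


class EventStore:
    """Append-only store. Each record carries sha256(previous_hash + raw_line),
    so altering or removing an earlier record breaks verification of the chain."""

    def __init__(self):
        self.records = []
        self.alerts = []
        self._failed = defaultdict(list)   # source ip -> [(time, target host)]
        self._alerted_ips = set()

    @staticmethod
    def _digest(prev, raw):
        return hashlib.sha256((prev + raw).encode()).hexdigest()

    def ingest(self, raw):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        # Lines that fail to parse are still stored and chained, never dropped.
        ev = parse_syslog(raw) or {"severity": None, "time": None, "host": None, "msg": raw}
        ev.update(raw=raw, prev=prev, hash=self._digest(prev, raw))
        self.records.append(ev)
        self._evaluate(ev)
        return ev

    def verify_chain(self):
        """Recompute every link; False means some record was altered or removed."""
        prev = GENESIS
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != self._digest(prev, rec["raw"]):
                return False
            prev = rec["hash"]
        return True

    def _evaluate(self, ev):
        # Rule 1: severity emerg/alert/crit (0-2) is reported as soon as it arrives.
        if ev["severity"] is not None and ev["severity"] <= 2:
            self.alerts.append(f"{ev['host']}: severity {ev['severity']} event: {ev['msg']}")
        # Rule 2: one source failing logins across several hosts. Noise in any
        # single host's log, obvious once the logs sit side by side.
        m = FAILED_LOGIN_RE.search(ev["msg"])
        if not m or ev["time"] is None:
            return
        ip = m.group("ip")
        hits = self._failed[ip]
        hits.append((ev["time"], ev["host"]))
        hits[:] = [(t, h) for t, h in hits if ev["time"] - t <= WINDOW]   # slide the window
        hosts = {h for _, h in hits}
        if len(hosts) >= MIN_HOSTS and ip not in self._alerted_ips:
            self._alerted_ips.add(ip)
            self.alerts.append(f"{ip}: failed logins on {len(hosts)} hosts within {WINDOW}: {sorted(hosts)}")


# Constructed sample traffic, as it would arrive from several hosts over syslog.
SAMPLE_LINES = [
    "<38>Nov 15 10:01:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "<38>Nov 15 10:01:09 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "<38>Nov 15 10:02:30 db01 sshd[911]: Failed password for invalid user oracle from 203.0.113.7 port 40123 ssh2",
    "<38>Nov 15 10:03:01 mail01 sshd[1432]: Failed password for admin from 203.0.113.7 port 40200 ssh2",
    "<38>Nov 15 10:03:40 web02 sshd[777]: Failed password for bob from 198.51.100.20 port 60000 ssh2",
    "<30>Nov 15 10:04:00 web01 sshd[2290]: Accepted publickey for deploy from 192.0.2.10 port 3333 ssh2",
    "<10>Nov 15 10:05:00 db01 kernel: Out of memory: Kill process 4242 (postgres)",
]


def run_demo(lines=SAMPLE_LINES):
    store = EventStore()
    for line in lines:
        store.ingest(line)
    return store


if __name__ == "__main__":
    s = run_demo()
    for a in s.alerts:
        print("ALERT", a)
    print("chain intact:", s.verify_chain())
```

Run as a script it prints two alerts: the sweep from 203.0.113.7 against web01, db01 and mail01 (which no single host would have flagged) and the kernel out-of-memory event on db01. The hash chain only detects tampering after the fact; it does not protect a record that is altered before the SEM receives it, which is why the transport matters as noted above.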

See also

* Computer security incident management
* Security Information Management

Wikimedia Foundation. 2010.