Security information and event management, or SIEM, systems have two major functions on an enterprise network. They serve as a centralized collection point for log entries and perform correlation of events across diverse systems. In this video, learn about the important role that SIEMs play in an organization's cybersecurity program.
- [Narrator] You already know that log files…are an important security control,…allowing IT professionals to detect suspicious activity…taking place on their systems, networks, and applications.…However, if you're like most security professionals,…you simply don't have the time to do a thorough job…of reviewing those logs.…There are far too many log entries generated…by systems everyday and trudging through them…would be tedious, mind-numbing work.…Fortunately, computers are very good at tedious work…and most organizations now go beyond the simple reporting…and alerting mechanisms that I described in the last video…and apply artificial intelligence based approaches…to the problem of security log analysis.…
Security Information and Event Management or SIEM systems…have two major functions on an enterprise network.…First, they act as a central, secure collection point…for log entries.…Administrators configure all of their systems,…network devices, and applications to…send log records directly to the SIEM…and the SIEM stores them in a secure fashion…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management