
Security Event Manager (SEM)

A Security Event Manager (SEM) is a computerized tool used on enterprise data networks to centralize the storage and interpretation of logs, or events, generated by other software running on the network. SEMs are a relatively new idea, pioneered in 1999 by a small company called e-Security, and as of late 2005 they are still evolving rapidly. Just a year or two ago they were called Security Information Managers (SIMs)[1], and they are also called Security Information and Event Managers (SIEMs). SEMs can help satisfy U.S. regulatory requirements such as those of Sarbanes-Oxley, which require (among other things) that certain events, such as accesses to systems and modifications to data, be logged and that the logs be kept for a specified period of time.
It is beneficial to send all events to a centralized SEM system for the following reasons:
* Access to all logs can be provided through a consistent central interface
* The SEM can provide secure, forensically sound storage and archival of event logs
* Powerful reporting tools can be run on the SEM to mine the logs for useful information
* Events can be parsed for significance as they arrive at the SEM, and alerts and notifications can be sent immediately to interested parties as warranted
* Related events that occur on multiple systems can be detected, which would be impossible if each system kept only its own separate log
* Events sent from a system to a SEM remain on the SEM even if the sending system fails or the logs on it are accidentally or intentionally erased
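
The cross-system detection described in the list above can be sketched as follows. This is an added example, not code from any SEM product: the events are constructed, and the field layout, the `login_failed` action name, and the three-host, five-minute threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, host, action, account), as three
# separate systems might forward them to a central collector.
EVENTS = [
    ("2005-11-02T10:00:05", "web01", "login_failed", "jsmith"),
    ("2005-11-02T10:00:40", "db01", "login_failed", "jsmith"),
    ("2005-11-02T10:01:10", "mail01", "login_failed", "jsmith"),
    ("2005-11-02T10:01:30", "web01", "login_failed", "akhan"),
    ("2005-11-02T10:30:00", "web01", "login_failed", "akhan"),
    ("2005-11-02T10:02:00", "db01", "login_ok", "mlee"),
]

def correlate(events, action="login_failed", min_hosts=3,
              window=timedelta(minutes=5)):
    """Alert when one account shows `action` on >= min_hosts hosts within `window`."""
    by_account = defaultdict(list)
    for ts, host, act, account in events:
        if act == action:
            by_account[account].append((datetime.fromisoformat(ts), host))
    alerts = []
    for account, hits in sorted(by_account.items()):
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.append({"account": account, "hosts": sorted(hosts),
                               "first": hits[start][0].isoformat(),
                               "last": hits[end][0].isoformat()})
                break  # one alert per account is enough here
    return alerts

def per_host_counts(events, account, action="login_failed"):
    """What each host's own log shows for one account, without central collection."""
    counts = defaultdict(int)
    for _, host, act, acct in events:
        if act == action and acct == account:
            counts[host] += 1
    return dict(counts)

if __name__ == "__main__":
    print(per_host_counts(EVENTS, "jsmith"))  # each host sees a single failure
    for alert in correlate(EVENTS):
        print(alert)
```

Each host's own log records only one failed login for `jsmith`, which is unremarkable on its own; the pattern appears only once the three logs are merged.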

