Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) refers to products that aggregate and analyze security-relevant information from many different sources to help an enterprise defend its resources. When SIEM hardware, software, or services detect an abnormality, they trigger the reporting and response actions that disrupt or mitigate a cyberattack.
SIEM can be part of an enterprise’s on-premise infrastructure or be delivered by a managed service provider (MSP). It typically draws on many nodes, such as firewalls, anti-virus scanners, intrusion detection systems, behavioral scanning, Active Directory, applications, routers, and switches, to detect incidents that deviate from the enterprise’s normal state. These nodes, and the SIEM as a whole, often monitor traffic for automated attacks such as credential stuffing and password guessing, and monitor devices for malicious software installations and those programs’ subsequent activity.
The term SIEM was coined by Gartner in 2005. Today it is among the tools that large enterprises use for data loss prevention (DLP).
“Our SIEM is picking up anomalous traffic to our web app in the form of rapid failed login requests. We’re being targeted for credential stuffing. Please report it to the authorities and see if we can track its source; however, I am sure it’s proxied.”
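The rapid-failed-login detection that the definition and the quote above describe, as an added example that is not from the original page: constructed web-app auth log lines are normalised into events and correlated with two windowed rules, one keyed by source (credential stuffing: one source, many accounts) and one keyed by account (password guessing: one account, many failures). The line format, field names, and thresholds are assumptions, not any vendor's rule syntax.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events in a syslog-like format (not from any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z webapp auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02Z webapp auth FAIL user=bob src=203.0.113.7
2024-05-01T10:00:03Z webapp auth FAIL user=carol src=203.0.113.7
2024-05-01T10:00:04Z webapp auth FAIL user=dave src=203.0.113.7
2024-05-01T10:02:10Z webapp auth FAIL user=admin src=198.51.100.9
2024-05-01T10:02:14Z webapp auth FAIL user=admin src=198.51.100.9
2024-05-01T10:02:19Z webapp auth FAIL user=admin src=198.51.100.9
2024-05-01T10:02:23Z webapp auth FAIL user=admin src=198.51.100.9
2024-05-01T10:05:09Z webapp auth OK user=alice src=192.0.2.5
webapp: unstructured line the parser must skip
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse_events(text):
    """Normalise raw lines into event dicts; lines the pattern does not match are skipped."""
    return [{"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "result": m["result"],
             "user": m["user"], "src": m["src"]}
            for m in map(LINE_RE.match, text.splitlines()) if m]

def _burst(evs, window, threshold):
    """First run of >= threshold events inside `window` in time-sorted evs, else None."""
    for i, start in enumerate(evs):
        run = [x for x in evs[i:] if x["ts"] - start["ts"] <= window]
        if len(run) >= threshold:
            return run
    return None

def detect(events, window=timedelta(seconds=60), threshold=4, user_spread=3):
    """Correlate failed logins into (rule, key) alerts. credential_stuffing: one source
    failing against many distinct accounts; password_guessing: many failures on one account."""
    fails = sorted((e for e in events if e["result"] == "FAIL"), key=lambda e: e["ts"])
    by_src, by_user = defaultdict(list), defaultdict(list)
    for e in fails:
        by_src[e["src"]].append(e)
        by_user[e["user"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        run = _burst(evs, window, threshold)
        if run and len({x["user"] for x in run}) >= user_spread:
            alerts.append(("credential_stuffing", src))
    for user, evs in by_user.items():
        if _burst(evs, window, threshold):
            alerts.append(("password_guessing", user))
    return alerts
```

A source-keyed rule goes quiet once a campaign is spread across many proxies, which is the situation the quote anticipates; that is why a SIEM pairs it with account-keyed rules and a baseline of the overall failure rate.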