IT DRILLDOWN
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Social Responsibility's Strategic Benefits

December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)

Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.

Working With and Communicating to Your Board of Directors

January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)

CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.

IT's Role in Growing Mid-Market Companies

January 14, 4:00 PM - 5:00 PM ET (GMT-5)

Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

 
 
 

Are SIEM and Log Management the Same Thing?

Log management has been around for awhile, but is SIEM taking over?

 

July 01, 2008Network World — Like many things in the IT industry, there's a lot of market positioning and buzz tossed around regarding how the original term of SIM (Security Information Management), the subsequent marketing term SEM (Security Event Management), the newer combined term of SIEM (Security Information and Even Management) relate to the long standing process of log management.

The basics of log management aren't new. Operating systems, devices and applications all generate logs of some sort that contain system-specific events and notifications. The information in logs may vary in overall usefulness, but before one can derive much value out of them, they first need to be enabled, then transported and eventually stored. It is here that the first challenge of log management is presented: how does one gather this data from an often distributed range of systems and get it into a centralized (or at least semi-centralized) location? There are varying techniques to accomplish centralization, ranging from standardizing on the syslog mechanism and then deploying centralized syslog servers, to using commercial products to address the log acquisition, transport and storage issues. Some of the other issues in log management include working around network bottlenecks, establishing reliable event transport (such as syslog over UDP isn't exactly the most robust of models), setting requirements around encryption, and managing the raw data storage issues.

So the first steps in this process are figuring out what type of log and event information you want to gather, how to transport it, and where to store it. But that leads to another major consideration: once you have it, what do you want to do with it? It is at this point where basic log management ends and the higher-level functions associated with SIEM begins.

SIEM products typically provide many of the features required for log management but add event-reduction, alerting and real-time analysis capabilities. They provide the layer of technology that allows one to say with confidence that not only are logs being gathered but they are also being reviewed. SIEM also allows for the importation of data that isn't necessarily event-driven (such as vulnerability scanning reports)—hence the "Information" portion of SIEM.

In watching the market mature over the past 10 years we believe there is room for both traditional log management tools and the real-time analysis capabilities provided by SIEM tools, but we suspect that organizations would prefer to go to a single vendor for both. Clearly organizations have to solve the first problem (log management) in order to address the second (analysis and monitoring), but the wise purchaser will know that after the first problem is addressed the second will become immediately apparent. Plan accordingly.

© 2007 Network World Inc.
Loading...
 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Operational Excellence Is Key to Maximizing IT Investments

APM Solutions: A Window into Complex Web Applications

APM Solutions Offer Insight into Complex Web Applications

How to Start a PMO & Realize the Benefits Fast

The Future is Fusion. Only from AMD. Learn more

Project Portfolio Management - Boost the Value of IT

IT Cost Transparency & Performance Management for Optimizing IT

Predict the future with HP Insight Power Manager

Predict the future with HP Insight Power Manager

Microsoft SQL Server 2008. Read Case Studies, Watch Demos, & Download for Free

The 2008 CEO Study: Implications for the CIO

HP LaserJet P4014n printer starting at $799 after $100 IS. www.hp.com

NEW HP Color LaserJet CP3525n printer starting at $699. » SHOP NOW. www.hp.com

Businesses Transform with VMware Virtualization

CIO Starter Kit includes useful resources created by top CIOs. Free Download>>

Rolling the dice with your security? Take the Self-Assessment Test now

Strong Authentication. Secure USB data storage. One Device

Learning from BPM Leaders

Quest Authentication and IBM Tivoli Identity Management

Get IDC's take on one company's foray into storage virtualization.

Revolutionizing Endpoint Security with a Single Agent

White Paper: Centralized Data Backup and Your WAN

White Paper: Accelerating the Next Phase of Virtualization

Learn how companies are changing how they reach out to their most profitable customers.

The Right and Wrong Master Data Management Strategies to Start Small and Grow Big

Learn how the new Quad-Core AMD Opteron™ processor improves performance

The Link Between APM and Customer Satisfaction

Providing Around-the-Clock Customer Satisfaction

AMD. The Future is Fusion

Portfolio Management for Effective IT Governance

Telepresence - A Realistic Solution Connecting a Global Workforce

New research validates telepresence solutions.

Affordable technology-no compromise. HP server solutions

Protect data-HP All-in-One and Disk-Based systems

See how IBM helped Bharti create a new business model

Read how IBM helped Hughes enhance security

HP LaserJet M3035 MFP series starting at $1,599. » SHOP NOW. www.hp.com

NEW HP Color LaserJet CM3530n MFP starting at $2,499. » SHOP NOW. www.hp.com

Learn about the software-based VoIP solution from Microsoft

Download the free CIO Starter Kit to access useful resources created by top CIOs

Log onto Hitachi True Stories, films inspired by the next great achievement

SOA Educational Library at the TIBCO SOA Resource Center

Integrating ActiveRoles With IBM Tivoli Identity Manager 5.0

Quest Authentication Services: Simplify Identity Management

Data Protection: Challenges for the Traveling User

Check Point Endpoint Security - Unifying Essential Components

Learn how wide-area data services can help deliver the benefits of virtualization

The Handbook of Application Delivery: Everything You Wanted to Know but Didnt Know You Needed to Ask

A fresh look at the impact of customer intimacy.

Webcast: SOA Brings Backend Systems into the Future, Rapidly & Successfully