Overview: Security Information and Event Management (SIEM)

Quick Definition

Security Information and Event Management—or SIEM—systems are enterprise platforms that centralize real-time security signals and manage the responses to be taken to them. SIEM platforms enable organizations to aggregate security-relevant data from a variety of disparate sources and systems within the organization and to change the behavior of these sources and systems in reponse to this data.

In most cases, a variety of lightweight agents are deployed across the organization at various levels, from network hardware to endpoints and workstations to servers and cloud systems, to collect data about ongoing activity and deliver it to a centralized engine where it is logged, analyzed, and ultimately acted upon.

Industry leading SIEM systems tend to include both a user and entity behavior analytics (UEBA) component for monitoring and understanding granular threats and an automated response component that enables privileges, sessions, and computing resources to be rapidly locked down as emerging threats are detected.

Plurilock's AWARE product for continuous enterprise montioring and awareness is designed with users of SIEM systems in mind, and enables them to gather and consider the user identity signals that Plurilock uses for authentication purposes in its ADAPT and DEFEND products.