Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
Security information management (SIM) is software that automates the
collection of event log data from security devices such as firewalls, proxy
servers, intrusion detection systems and anti-virus software. This data is then
translated into correlated and simplified formats.
SIM systems track system events as they happen and display analytics on
that activity. They translate event data gathered from many sources
into a general, simplified format. Usually, the data is translated into an
XML file.
SIM systems collect and coordinate data from various sources in a way that
helps administrators distinguish real threats from false positives on the
system. A false positive is an event that seems to be a major threat but in
reality is not a threat.
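As an added illustration (not code from the original post or from any SIM product), the sketch below normalizes log lines from three device types into one schema, writes them out as XML, and correlates them by source address. The log layouts, field names and the "two independent source types" correlation rule are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample lines; these layouts are illustrative, not real vendor formats.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:05Z ids01 ALERT sig=ssh-bruteforce src=203.0.113.7 dst=10.0.0.5",
    "2024-05-01T10:00:09Z proxy01 198.51.100.20 GET http://intranet.example/report 403",
    "2024-05-01T10:00:12Z fw01 ALLOW src=10.0.0.8 dst=10.0.0.5 dport=443",
    "not a log line",
]

# One pattern per source type; each yields the same core field names.
PATTERNS = {
    "firewall": re.compile(r"(?P<time>\S+) (?P<device>fw\S*) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+)"),
    "ids": re.compile(r"(?P<time>\S+) (?P<device>ids\S*) (?P<action>ALERT) sig=(?P<detail>\S+) src=(?P<src>\S+)"),
    "proxy": re.compile(r"(?P<time>\S+) (?P<device>proxy\S*) (?P<src>\S+) \S+ (?P<detail>\S+) (?P<action>\d{3})"),
}

def normalize(line):
    """Return a dict in the common schema, or None if no parser matches."""
    for source_type, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            return {"source_type": source_type, **m.groupdict()}
    return None

def to_xml(events):
    """Serialize normalized events as one XML document."""
    root = ET.Element("events")
    for ev in events:
        node = ET.SubElement(root, "event", source_type=ev["source_type"])
        for key in ("time", "device", "src", "action"):
            ET.SubElement(node, key).text = ev[key]
    return ET.tostring(root, encoding="unicode")

def correlate(events):
    """Return source IPs blocked or alerted on by 2+ different source types."""
    seen = defaultdict(set)
    for ev in events:
        if ev["action"] in ("DENY", "ALERT", "403"):
            seen[ev["src"]].add(ev["source_type"])
    return sorted(ip for ip, kinds in seen.items() if len(kinds) >= 2)

EVENTS = [ev for ev in map(normalize, SAMPLE_LOGS) if ev]
if __name__ == "__main__":
    print(to_xml(EVENTS))
    print("correlated sources:", correlate(EVENTS))
```

The address reported by both the firewall and the IDS is escalated, while the single proxy 403 is left for review as a possible false positive; the unparseable line is dropped rather than guessed at.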
As soon as suspicious activities occur, the SIM tool responds to the
event by sending alerts to administrators of organizations and by generating
reports and graphical representations such as charts and graphs.
The reports generated by SIM systems are typically used to:
- Detect unauthorized access as well as modifications to files and data breaches.
- Identify data trends that business organizations can potentially leverage
for their progression.
- Identify network behavior and assess performance.
Reports are a critical part of any SIM program. A reliable SIM tool will
generate regular reports, often in visual formats such as graphs or
charts. Security personnel can use these reports to detect security
events, identify suspicious behaviors, and detect and address ongoing threats.