Security Event Management Flashcards
Security Event Management
Security Event Management, also known as SEM is a security software specialized in the identification, collection, monitoring, evaluation, notification and correlation in real-time of events and alerts of a computer system (network devices, security systems (IDS, IPS, Firewall), specialized software (Antivirus), etc.), whose purpose is to identify “suspicious” behavior within the system, to provide an effective and timely response from the security team to any incident that occurs within the network.
What Does SEM do?
SEMs are mainly in charge of monitoring and analyzing in real-time the existing events in an IT system in search of any kind of anomalous behavior that could mean an infection, incident or threat existing in the system. Some of the actions carried out by SEM software are as follows:
Real-time events monitoring.
Obtaining security events in devices and applications within the system.
Correlation of events to provide a clear picture of the information system.
Analyze logs according to their level of importance.
Real-time incident response.
These systems meticulously analyze each record collected, using various security algorithms, statistical calculations, and even vulnerability databases (which contain common weaknesses and its corresponding exploits) to determine whether the system presents any threat, vulnerability or risk at the time of the evaluation (such as anomalous logins, unusual web requests, outdated software, etc.). And then report this information to the organization’s security body through reports, graphics, and even alerts via SMS (in case of obtaining a severe vulnerability).
Advantages & Disadvantages of SEM
As can be seen, SEMs are services that bring many benefits to the users who deploy them in their organizations, some of these are:
Centralization of information from different devices and network elements.
Reduction of false positives and false negatives.
Considerable improvement in response time to internal and external threats.
Even so, it is always important to mention some disadvantages that can affect users who want to implement this type of solution to their network:
They are hard to deploy.
They have a high market cost
As they are automated systems, they can present failures that allow for false positives and negatives.
Security systems will always be at risk, so with these tools, the life and work of an organization’s analysts and security team become easier. However, it is valid to remember that automation cannot be everything in a secure environment; after all, it is not a matter of who analyzes a system fastest, but who keeps it safe and functional the longest.
