User:Vineshmangalampalli/sandbox

Security Information and Event Management
With the advancement of technology, almost everything is available at a click. That is welcome, because people do not always find time in a busy schedule: a person who does not have a laptop at hand but needs to transfer funds immediately can do so on the go with mobile banking and an internet connection, and the time saved goes to other productive work. As the saying goes, every coin has two sides. Technology has given us the liberty to do what we want when it suits us, but it cannot be denied that it has also brought unwanted effects, beyond making people lazy. Our data is not safe today, despite techniques of authentication and authorization that were unknown in the past, and we still cannot guarantee that a system will not be compromised. What we can do is reduce the damage an attacker causes and increase the time and effort an attack requires; we cannot rule it out completely.

Cyber-attacks are one of the most serious concerns in the IT world today. An attack can originate from any part of the world, and attackers have made their techniques sophisticated and hard to detect, which compels defenders to build a strong defense. Detecting such attacks requires analyzing every scrap of available information and using every tool that could help. In particular, every application should adopt proper logging, so that the logs can be used to establish who the user was, where the request came from, and source-system details such as the IP address. For analyzing and managing those logs there are many tools, of which Security Information and Event Management (SIEM) is in high demand; SIEM has become an almost inseparable part of every application environment today. A SIEM collects the events that applications log (often the same data developers use for debugging) and integrates them into a single store, so that an analyst need not go back and forth between systems for different pieces of information. It also adds another layer of defense: it sends out alerts when events do not match expected behavior and, by correlating events across sources, it can surface anomalous activity that may indicate a previously unknown (zero-day) attack, which signature-based tools alone would miss. These features are an integral part of modern security systems.

What is SIEM?
The term SIEM was coined by Mark Nicolett and Amrit Williams of Gartner in 2005 to describe the combination of Security Information Management (SIM) and Security Event Management (SEM), which had until then been separate product categories. A SIEM can provide real-time analysis of the security alerts generated by applications, hardware and network devices. The term was used to describe a product's ability to gather, analyze and present information from:
 * identity and access management applications;
 * operating systems;
 * network and security devices;
 * vulnerability management and policy compliance tools;
 * database and application logs;
 * external threat data.

A crucial feature of SIEM is that it monitors user and service privileges, directory services and other changes to system configuration, and helps manage them. It also supports log auditing and review, and incident response. It follows that the logging system is a crucial part of an application: without proper logging, issues cannot be traced, and it becomes difficult to reach the root cause of an incident.

SIEM Capabilities
SIEM provides a set of capabilities that can be summarized as follows:
 * Data aggregation – collects data from many sources (applications, network devices, databases and so on) and consolidates it in one place, so that no crucial event is missed.
 * Correlation – links events through common attributes (the same user, host or source address within a time window) into meaningful bundles, turning raw data into useful information.
 * Alerting – monitors the correlated events and generates alerts to notify analysts when a rule matches.
 * Compliance – gathers compliance data and produces reports for security, governance and auditing processes.
 * Dashboards – turns the data into informational charts so that unwanted behavior or patterns can be tracked.
 * Retention – stores data for the long term, so that events can be correlated over time and the retention periods required by compliance regimes are met.
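The first three capabilities above (aggregation, correlation, alerting) are the core of the pipeline, and the point is easiest to see in code. The following Python script is an added illustration, not code from the original page or from any SIEM product: it normalizes constructed sshd and usermod syslog lines into a common event schema, sorts them into one timeline, and applies three correlation rules (a burst of failed logins followed by a success from the same address; a successful login from an address on an external threat list; and a privilege change on a host shortly after a suspicious login). The log lines, hostnames, addresses and the threat list are all made up for the example, and the rule thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from any real system). Two sources, both syslog-style.
SSHD_LINES = [
    "2024-03-01T10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2",
    "2024-03-01T10:00:05 host1 sshd[2002]: Failed password for root from 203.0.113.7 port 50212 ssh2",
    "2024-03-01T10:00:09 host1 sshd[2003]: Failed password for root from 203.0.113.7 port 50213 ssh2",
    "2024-03-01T10:00:20 host1 sshd[2004]: Accepted password for root from 203.0.113.7 port 50214 ssh2",
    "2024-03-01T10:05:00 host1 sshd[2005]: Failed password for alice from 198.51.100.4 port 40000 ssh2",
    "2024-03-01T10:30:00 host1 sshd[2006]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2",
    "2024-03-01T11:00:00 host2 sshd[3001]: Accepted publickey for bob from 192.0.2.99 port 41000 ssh2",
]
USERMOD_LINES = [
    "2024-03-01T10:00:30 host1 usermod[2010]: add 'svc_backup' to group 'sudo'",
    "2024-03-01T12:00:00 host2 usermod[3010]: add 'carol' to group 'developers'",
]
# External threat data: a constructed blocklist standing in for a threat-intelligence feed.
THREAT_LIST = frozenset({"192.0.2.99"})

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
USERMOD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?P<group>[^']+)'"
)


def parse_sshd(line):
    """Normalize one sshd line into the common event schema; None if it does not match."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "source": "sshd",
            "action": "login_failed" if m["result"] == "Failed" else "login_success",
            "user": m["user"], "src_ip": m["ip"]}


def parse_usermod(line):
    """Normalize one usermod group-membership change into the common schema."""
    m = USERMOD_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "source": "usermod",
            "action": "group_add", "user": m["user"], "group": m["group"]}


def aggregate(sources):
    """Aggregation: parse every source with its own parser and merge into one timeline."""
    events = []
    for parser, lines in sources:
        for line in lines:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, fail_threshold=3, fail_window=timedelta(seconds=60),
              privilege_window=timedelta(minutes=10), threat_list=frozenset()):
    """Correlation + alerting: walk the timeline once, keeping per-IP and per-host state."""
    alerts = []
    failures = defaultdict(list)   # src_ip -> timestamps of failed logins seen so far
    flagged_hosts = {}             # host -> time of the most recent suspicious login
    for ev in events:
        if ev["action"] == "login_failed":
            failures[ev["src_ip"]].append(ev["ts"])
        elif ev["action"] == "login_success":
            recent = [t for t in failures[ev["src_ip"]] if ev["ts"] - t <= fail_window]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "brute_force_success", "severity": "high", "ts": ev["ts"],
                               "host": ev["host"], "src_ip": ev["src_ip"], "user": ev["user"]})
                flagged_hosts[ev["host"]] = ev["ts"]
            if ev["src_ip"] in threat_list:
                alerts.append({"rule": "login_from_threat_listed_ip", "severity": "high", "ts": ev["ts"],
                               "host": ev["host"], "src_ip": ev["src_ip"], "user": ev["user"]})
                flagged_hosts[ev["host"]] = ev["ts"]
        elif ev["action"] == "group_add" and ev["group"] in ("sudo", "wheel"):
            # A sudo/wheel grant shortly after a suspicious login on the same host escalates severity.
            last = flagged_hosts.get(ev["host"])
            if last is not None and ev["ts"] - last <= privilege_window:
                alerts.append({"rule": "privilege_change_after_suspicious_login", "severity": "critical",
                               "ts": ev["ts"], "host": ev["host"], "user": ev["user"], "group": ev["group"]})
    return alerts


def run_example():
    events = aggregate([(parse_sshd, SSHD_LINES), (parse_usermod, USERMOD_LINES)])
    return correlate(events, threat_list=THREAT_LIST)


if __name__ == "__main__":
    for alert in run_example():
        print(alert["ts"].isoformat(), alert["severity"].upper(), alert["rule"], alert)
```

On the constructed input this raises three alerts: the three failed logins from 203.0.113.7 within 60 seconds followed by an accepted root login, the sudo grant on host1 ten seconds later (escalated to critical because the host was just flagged), and bob's otherwise unremarkable key-based login from an address on the threat list. Alice's single failure 25 minutes before her successful login stays below the threshold, and the non-privileged group change on host2 is ignored. Retention and dashboards are the storage and presentation layers around this loop and are not shown.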

Conclusion
SIEM is important because IT organizations are growing rapidly and their complexity is growing with them. Any application that comes to market today depends on other services or third-party applications, and operations are divided among groups such as server, desktop, database, application, sales and development teams. A SIEM is needed to integrate the data from all these applications, or from the different components of one application, and present it so that the users accessing the application and the errors it produces can be tracked. New attacks and vulnerabilities appear every day. To safeguard applications against these threats, a SIEM is valuable because correlating events across sources can reveal attacks that no single signature would catch, including previously unknown ones. So, although we cannot completely prevent attacks and threats, a SIEM at least promises to be a reliable tool for detecting and responding to them.