SIEM stands for Security Information and Event Management. The purpose of this solution is to collect logs from all your devices (switches, routers, firewalls, and IPS) and combine that data into one output. For example, if you want to search for a specific IP accessing system X, today you jump from one box to another; with a SIEM you do it from one place. In addition, this tool can help you identify attacks or someone trying to hack into your network.
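To make the "one place" idea concrete, here is an added example (not from any SIEM product and not part of the original post) that normalizes logs from three devices into one timeline and searches it for an IP. The three log formats, device names, and addresses are made up for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in three made-up device formats (not real logs).
RAW = {
    "firewall": [
        "2024-05-01T10:00:01Z fw01 action=allow src=10.0.0.5 dst=192.168.1.20 dport=443",
        "2024-05-01T10:00:07Z fw01 action=deny src=203.0.113.9 dst=192.168.1.20 dport=22",
    ],
    "router": ["2024-05-01T10:00:03Z rtr01 ACL 101 denied tcp 203.0.113.9 -> 192.168.1.20"],
    "ips": ["1714557610|ips01|alert|203.0.113.9|192.168.1.20|SSH brute force"],
}

def iso(ts):
    # Parse a UTC ISO-8601 timestamp into an aware datetime.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def event(time, device, action, src, dst):
    # The common schema every source is mapped onto.
    return {"time": time, "device": device, "action": action, "src": src, "dst": dst}

def parse_firewall(line):
    ts, device, rest = line.split(" ", 2)
    kv = dict(pair.split("=", 1) for pair in rest.split())
    return event(iso(ts), device, kv["action"], kv["src"], kv["dst"])

def parse_router(line):
    m = re.match(r"(\S+) (\S+) ACL \d+ (\w+) \w+ (\S+) -> (\S+)$", line)
    if m is None:
        raise ValueError(f"unrecognized router line: {line!r}")
    ts, device, action, src, dst = m.groups()
    return event(iso(ts), device, action, src, dst)

def parse_ips(line):
    epoch, device, action, src, dst, _signature = line.split("|")
    return event(datetime.fromtimestamp(int(epoch), timezone.utc), device, action, src, dst)

PARSERS = {"firewall": parse_firewall, "router": parse_router, "ips": parse_ips}

def collect(raw):
    """Normalize every line from every source into one time-ordered list."""
    events = [PARSERS[kind](line) for kind, lines in raw.items() for line in lines]
    return sorted(events, key=lambda e: e["time"])

def search_ip(events, ip):
    """Return all events where the IP appears as source or destination."""
    return [e for e in events if ip in (e["src"], e["dst"])]

if __name__ == "__main__":
    for e in search_ip(collect(RAW), "203.0.113.9"):
        print(e["time"].isoformat(), e["device"], e["action"], e["src"], "->", e["dst"])
```

One query returns the router, firewall, and IPS records for the same address in time order, which is the job you would otherwise do by logging in to each box.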

Now, if you handle electronic payments, you must be PCI compliant, and one of the PCI requirements is log management.

There is a free one for small companies, such as Splunk; it can do the job, but it's not strong enough.

There is Weblogic, which is good, and the Symantec one ("mostly owned by Huawei now").

My favorite is ArcSight.


