Security Information and Event Management Market
When it comes to maintaining strong cybersecurity, systems administrators need to keep track of real-time network activity, account usage, and commercial transactions. By keeping logs and tracking activity comprehensively, your IT staff can detect problems and threats as they happen and where they happen. From there, admins can take decisive action to minimize the effects of cyberattacks or halt unauthorized usage before either can wreak havoc on your business network.
As threats to networks and data centers increase, so does the need to detect and respond to them. Cybercriminals can exploit any number of paths to infiltrate your business networks. To counter this, you need to be able to observe activity across a wide range of devices and networks and be in a position to respond quickly and decisively.
This is where a security information and event management (SIEM) system comes into play.
Explaining SIEM
SIEM combines security information management (SIM) with security event management (SEM) into a single security management system in which log and event data from multiple sources is collected, normalized and analyzed using rule-based or statistical correlation in order to detect and respond to suspicious activity efficiently and in a timely manner. This process can also include more sophisticated user behaviour analytics and machine learning.
An example of this process in action would be one in which someone has gone on vacation and discovered their credit or bank card has been blocked.
Financial institutions, particularly banks, were among the first to apply SIEM in their efforts to stay compliant with the Payment Card Industry Data Security Standard (PCI DSS). If a bank or credit card belonging to a person living in Oregon suddenly showed purchases made in the street markets of Bangalore, that would trigger an alert in the security information management part of the SIEM system and activate a quick response in the security event management part, placing a hold on that card until the validity of the transaction could be confirmed.
As SIEM systems are refined over time, overall security improves, potential inconvenience for customers decreases, and confidence grows in businesses that adopt an effective SIEM.

The advantages of a SIEM system for your business
Incident detection
With password policies, robust firewalls, and staff trained in safe Internet use, you would think that a smart business has enough tools to prevent unauthorized network activity. Many businesses even have a rudimentary logging routine in place that can detect suspicious activity, raise red flags when necessary, and even block certain types of access.
Is that enough?
Using a SIEM system adds further layers of detection and the ability to correlate events across multiple hosts and devices, analyze them, and determine what kind of breach or attack took place and how successful it was or was not.
Incident response
What happens when unauthorized use or a blatant cyberattack occurs? By applying rule-based correlation and machine learning analytics, a SIEM system flags the activity and, when integrated with response tooling, can halt it before the damage becomes severe.
Incident response stops attacks in progress, analyzes the logged information, and traces the attack back to its source, whether that is malware running on a desktop or mobile device or an attacker on the other side of the world. An effective SIEM system will also identify which hosts or devices were affected by the attack so they can be isolated from the rest of the environment in case any have been seriously compromised.
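The two detection cases described above, the out-of-place card transaction and the attack that only becomes visible once events from several hosts are correlated, as one added example in Python. This is illustrative code written for this page, not code from the article or from any SIEM product; the log format, the source names (cardauth, sshd), the thresholds, the window sizes and the sample events are all constructed assumptions.

```python
"""Minimal rule-based correlation pass over log lines from several sources.
Added example: the log format, sources, thresholds and sample events are
assumptions made for illustration, not taken from any real product."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three assumed "sources": a card-authorisation
# feed and SSH auth logs forwarded from three Linux hosts.
# Assumed line format: ISO timestamp, source name, then key=value fields.
SAMPLE_LOGS = """\
2024-05-01T09:00:00 cardauth card=4111 country=US amount=12.50
2024-05-01T09:40:00 cardauth card=4111 country=IN amount=230.00
2024-05-01T10:00:01 sshd host=web01 user=deploy result=fail src=203.0.113.7
2024-05-01T10:00:03 sshd host=web02 user=deploy result=fail src=203.0.113.7
2024-05-01T10:00:05 sshd host=db01 user=deploy result=fail src=203.0.113.7
2024-05-01T10:00:09 sshd host=web01 user=deploy result=fail src=203.0.113.7
2024-05-01T10:00:12 sshd host=web02 user=deploy result=fail src=203.0.113.7
2024-05-01T10:00:20 sshd host=db01 user=deploy result=success src=203.0.113.7
2024-05-01T10:05:00 sshd host=web01 user=alice result=success src=198.51.100.4
"""


def parse(line):
    """Normalize one raw line into a flat dict with a parsed timestamp."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    fields["source"] = source
    return fields


def parse_logs(text):
    return [parse(line) for line in text.splitlines() if line.strip()]


# Rule 1 (the card example): the same card is used in two different countries
# within a window too short for plausible travel, so hold the card pending
# confirmation. The window is an assumed threshold.
def rule_impossible_travel(events, window=timedelta(hours=6)):
    alerts = []
    last_seen = {}  # card -> (timestamp, country) of the previous transaction
    for e in (e for e in events if e["source"] == "cardauth"):
        card = e["card"]
        if card in last_seen:
            prev_ts, prev_country = last_seen[card]
            if prev_country != e["country"] and e["ts"] - prev_ts < window:
                alerts.append({"rule": "impossible_travel", "card": card,
                               "from": prev_country, "to": e["country"],
                               "action": "hold_card"})
        last_seen[card] = (e["ts"], e["country"])
    return alerts


# Rule 2 (cross-host correlation): at least `threshold` failed logins from one
# source IP, spread across hosts, followed by a success from that IP. In the
# sample no single host sees more than two failures, so only the combined view
# reveals the pattern; the alert also lists every host the source touched.
def rule_spray_then_success(events, threshold=4, window=timedelta(minutes=5)):
    alerts = []
    fails = defaultdict(list)  # src IP -> [(timestamp, host)] within the window
    for e in (e for e in events if e["source"] == "sshd"):
        src = e["src"]
        # expire failures that fell out of the correlation window
        fails[src] = [(t, h) for t, h in fails[src] if e["ts"] - t <= window]
        if e["result"] == "fail":
            fails[src].append((e["ts"], e["host"]))
        elif e["result"] == "success" and len(fails[src]) >= threshold:
            touched = sorted({h for _, h in fails[src]})
            alerts.append({"rule": "spray_then_success", "src": src,
                           "user": e["user"], "compromised": e["host"],
                           "affected_hosts": touched, "action": "isolate_host"})
            fails[src].clear()
    return alerts


def correlate(text):
    """Run every rule over the normalized events and return all alerts."""
    events = parse_logs(text)
    return rule_impossible_travel(events) + rule_spray_then_success(events)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run as a script it prints two alerts: a hold on card 4111 for the US-to-IN jump forty minutes apart, and an isolate_host alert for db01 naming db01, web01 and web02 as the hosts the source IP touched. The second alert is the point made above about correlating across hosts: each host's own log shows at most two failures, which no per-host threshold would flag. Real SIEM rules differ in syntax and scale, but the shape is the same: normalize, keep state per entity, apply a rule with a threshold and a time window, and emit an alert carrying enough context to act on.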
Compliance reporting
Many businesses have regulatory compliance requirements such as PCI DSS or the Health Insurance Portability and Accountability Act (HIPAA) which must be strictly adhered to, or the business risks steep financial penalties and loss of customer confidence.
SIEM tools usually include built-in support for most compliance needs. That should include the ability to collect and compile data from a range of operating systems, applications and devices. The resulting security logs save time and resources when it comes to reporting and can often satisfy multiple compliance requirements at once.

Good for business
Security information and event management tools give businesses a wider view of their IT and network security across the entire organization. With effective monitoring of cyberattacks and activity logs, combined with robust response management, businesses are better protected in a world in which new cyber threats appear every day.
It is in everyone's best interest to prioritize protecting the business and its customers. SIEM tools offer a comprehensive, streamlined approach to network security and let entrepreneurs focus on growing their business.
Thank you for reading. I’d love to share more with you via my Weekly Word Roundup newsletter sent to subscribers every Sunday. It will feature news, productivity tips, life hacks, and links to top stories making the rounds on the Internet. You can unsubscribe at any time.
Translated from: https://medium.com/swlh/all-about-security-information-and-event-management-siem-80f7fdeffd87