When it comes to maintaining strong cybersecurity, systems administrators need to keep track of real-time network activity, account usage, and commercial transactions. By keeping logs and engaging in comprehensive tracking, your IT experts can detect problems and threats as they happen and where they occur. From there, admins can take decisive action to minimize the effects of cyberattacks or halt unauthorized usage before either can wreak havoc on your business network.
As threats to networks and data centers increase, so too does the need to increase efforts to detect and respond to these threats. Cybercriminals can exploit any number of paths to infiltrate your business networks. To counter this, it’s important to be able to observe activity across a wide range of devices and networks and be in a position to respond quickly and decisively.
This is where a security information and event management (SIEM) system comes into play.
Explaining SIEM
SIEM combines security information management (SIM) with security event management (SEM) forming a single collaborative security management system in which information from multiple sources is collected and analyzed using rules-based or statistical protocols in order to detect and respond to suspicious activity in an efficient and timely manner. This process could also include more sophisticated user behaviour analytics and machine learning.
An example of this process in action would be one in which someone has gone on vacation and discovered their credit or bank card has been blocked.
Financial institutions, particularly banks, were among the first to apply SIEM to their efforts to keep compliant with the Payment Card Industry Data Security Standard (PCI DSS). If a bank or credit card owned by a person living in Oregon suddenly showed purchases made in the street markets of Bangalore, that would trigger a notice in the security information management part of the SIEM system and activate a quick response in the security event management part by placing a hold on that card’s use until the validity of the transaction could be confirmed.
As SIEM technology is refined over time, overall security will improve, potential inconveniences for customers will decrease, and confidence in the businesses that adopt an effective SIEM system will grow.
The advantages of a SIEM system for your business
Incident detection
With password protection protocols, robust firewalls, and staff trained in smart Internet use, you would think that smart businesses have enough tools to prevent unauthorized network activity. Many businesses even have a rudimentary logging routine in place that can detect suspicious activity, raise red flags when necessary, and even block certain types of access.
Is that enough?
Using a SIEM system means adding additional layers of detection and the ability to investigate and correlate events across multiple hosts and devices, analyze them, and determine what kind of breach or attack took place and how successful it might or might not have been.
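As an added illustration (not code from the original post) of the bank-card scenario in the Explaining SIEM section and of correlating events across multiple sources described above: a minimal rules-based check in Python that takes constructed card-terminal events from several terminals, flags "impossible travel" between consecutive purchases on the same card (the SIM side), and places a hold on the card as the response (the SEM side). The terminal names, card numbers, coordinates, timestamps and the 900 km/h threshold are all assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample events from several point-of-sale terminals (the
# "multiple sources" a SIEM collects from). All values are made up.
EVENTS = [
    {"source": "pos-portland-01", "card": "4111-XXXX-0001", "ts": "2024-03-01T09:15:00",
     "lat": 45.52, "lon": -122.68, "amount": 42.10},
    {"source": "pos-bangalore-07", "card": "4111-XXXX-0001", "ts": "2024-03-01T11:40:00",
     "lat": 12.97, "lon": 77.59, "amount": 18.00},
    {"source": "pos-portland-01", "card": "4111-XXXX-0002", "ts": "2024-03-01T09:20:00",
     "lat": 45.52, "lon": -122.68, "amount": 9.99},
    {"source": "pos-salem-03", "card": "4111-XXXX-0002", "ts": "2024-03-01T12:05:00",
     "lat": 44.94, "lon": -123.03, "amount": 63.25},
]

MAX_PLAUSIBLE_KMH = 900.0  # assumed rule threshold: faster than an airliner is impossible travel


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect_impossible_travel(events):
    """SIM side: group events per card across all sources, then apply the rule
    to each consecutive pair. Returns one alert per violating pair."""
    alerts, by_card = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        by_card.setdefault(ev["card"], []).append(ev)
    for card, evs in by_card.items():
        for prev, cur in zip(evs, evs[1:]):
            hours = (datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            # Same-instant events at different places are impossible; same place is fine.
            speed = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if speed > MAX_PLAUSIBLE_KMH:
                alerts.append({"card": card, "speed_kmh": speed, "sources": [prev["source"], cur["source"]]})
    return alerts


def respond(alerts, holds=None):
    """SEM side: place a hold on each flagged card until the cardholder confirms."""
    holds = {} if holds is None else holds
    for a in alerts:
        holds[a["card"]] = "HOLD pending confirmation (%s -> %s, ~%.0f km/h)" % (
            a["sources"][0], a["sources"][1], a["speed_kmh"])
    return holds


if __name__ == "__main__":
    print(respond(detect_impossible_travel(EVENTS)))
```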
Incident response
What happens when unauthorized use or a blatant cyberattack occurs? By setting in motion a rules-based protocol and machine learning analytics, a SIEM system takes flagged activity and puts a halt to it before the damage can become severe.
An incident response stops attacks while they are in progress, analyzes the logged information, and traces the attack back to its source, whether that is malware running on a desktop or mobile device or a hacker on the other side of the world. An effective SIEM system will also determine which hosts or devices were affected by the attack and isolate them from the rest of the system in case any have been dangerously compromised.
Compliance reporting
Many businesses have regulatory compliance requirements, such as PCI DSS or the Health Insurance Portability and Accountability Act (HIPAA), that must be strictly adhered to; otherwise they risk steep financial penalties and loss of customer confidence.
SIEM tools usually include built-in support for most compliance needs. Among those tools should be an ability to collect and compile data from a range of operating systems, applications and devices. The resulting security logs will save time and resources when it comes to reporting and can often meet multiple compliance requirements.
Good for business
Security information and event management tools allow businesses to obtain a wider view of their IT and network security throughout the entire organization. With smart cyberattack monitoring and activity logs, combined with robust response management, businesses are better protected in a world in which new cyber threats pop up every day.
It’s in everyone’s best interest to place a priority on protecting the business and its customers. SIEM tools offer a comprehensive, streamlined solution to network security and let entrepreneurs focus on nurturing their business.
Thank you for reading. I’d love to share more with you via my Weekly Word Roundup newsletter sent to subscribers every Sunday. It will feature news, productivity tips, life hacks, and links to top stories making the rounds on the Internet. You can unsubscribe at any time.