What is security information and event management?

Security analysts need to address the most critical threats facing their organization with speed and accuracy. Since 2005, when analyst firm Gartner coined the term, security information and event management (SIEM) has grown in importance for organizations looking to improve their security posture with technology and services.

To combat modern threats, today’s SIEM platforms have evolved to incorporate advanced analytics such as user behavior analytics (UBA), network flow insights and artificial intelligence (AI) to accelerate detection. Additionally, SIEM platforms integrate seamlessly with security orchestration, automation and response (SOAR) platforms to accelerate incident response and remediation. With a single dashboard, security analysts can gain insights from log and flow data, drawn from a large range of security and IT sources, to prioritize triage and increase efficiency in response. SIEM can be enhanced and optimized through the expertise of consulting and managed services to help with policy management, rule optimization and augmenting security staff. Additionally, IBM can provide a programmatic threat management program that aids in prevention, detection, response and recovery from cyber threats.

SIEM use cases

Insider threats

SIEM can help discover insider threat indicators through user behavior analytics and machine learning algorithms.

Phishing attacks

The correlation rules in a SIEM can identify all possible signs of an advanced persistent threat (APT) and detect phishing attacks.

Compliance reporting

SIEM can help your organization comply with standards such as GDPR, PCI, SOX, HIPAA and more.

Data exfiltration

SIEM can use behavioral analysis to correlate seemingly unrelated events, such as insertion of USBs, use of personal email services, unauthorized cloud storage or excessive printing.

OT and IoT security

Correlate data from OT and IoT solutions to get a unified view and identify abnormal activity and threats.

Threat hunting

SIEM empowers you to proactively search for malware or attackers that are lurking in your network — and may have been there for some time.

IBM Security SIEM solutions

IBM Security QRadar

Explore intelligent security analytics for insight into your most critical threats

IBM Security X-Force Threat Management Services

Explore our proven, standards-based approach to prevention, detection, response and recovery from cybersecurity threats

IBM Security Intelligence Operations and Consulting Services

Assess your threat strategies, unite security operations and response, improve your security posture and migrate to the cloud confidently.