White paper

The Complete Guide to Log and Event Management

Business Intelligence, ITSM, Security
Participating Company: 
Participating Analyst: Anton Chuvakin

Security information and event management (SIEM) technology has existed since the late 1990s, but it has always been somewhat controversial in the security industry due to its initial promise of a “security single pane of glass” combined with slow adoption across smaller organizations. More recently, traditional SIEM has been joined by broad-use log management technology that focuses on collecting a wide variety of logs for a multitude of purposes, from security incident response to regulatory compliance, system management and application troubleshooting. In this paper we will analyze the relationship between these two technologies, SIEM and log management, focusing not only on their technical differences and different uses, but also on architecting their joint deployments. For example, if you need to satisfy the logging requirements of PCI DSS, which one should you deploy? Which technology is better suited to optimizing your incident response and investigation procedures? Which one will give you real-time insight into attacks? In addition, we will provide recommendations for companies that have deployed log management or SIEM, so that they can plot a roadmap for enhancing, optimizing and expanding their deployment. We will also recommend a roadmap for companies that have already deployed both of these technologies.