Content Aware SIEM Defined

Date Added: Mar 2009
Format: PDF

Content Aware SIEM (CA-SIEM) represents a new generation of Security Information and Event Management (SIEM) capabilities that extend the value and benefits of SIEM by providing visibility into the contents of applications, documents and protocols. Without content awareness, a SIEM is only able to act upon the surface details provided by logs. This limits the effectiveness of key SIEM functionalities - including threat detection, incident response, and compliance reporting - because the data being used for analysis lacks sufficient context to make informed, relevant decisions. As a result, SIEM systems have started to evolve: context information from add-on systems such as Identity Management, Vulnerability Assessment, Configuration Management systems, and others has been used to enhance the security events collected and correlated by the SIEM.