From the course: ISC2 Systems Security Certified Practitioner (SSCP) (2024) Cert Prep


Security information and event management

- [Instructor] You know that log files are an important security control. They allow IT professionals to detect suspicious activity taking place on their systems, networks, and applications. However, if you're like most security professionals, you simply don't have the time to do a thorough job of reviewing all of those logs. There are just far too many log entries generated by our systems every day, and trudging through them would be tedious, mind-numbing work. Now, fortunately, computers are very good at tedious work, and most organizations now go beyond the simple reporting and alerting mechanisms we discussed earlier and apply artificial intelligence approaches to the problem of security log analysis. Security Information and Event Management or SIEM systems have three major functions on an enterprise network. First, they act as a central secure aggregation point to collect log entries from a variety of sensors. Administrators configure all their systems, network devices, and…
