0

Security information and event management. A SIEM solution, which can be in the form of an appliance, software, or managed service, collects and aggregates data from multiple sources (firewalls, network appliances, and intrusion detection systems, for example), identifies deviations from normal patterns, and takes action to prevent security incidents. Upon detecting a potential issue, the SIEM solution might log additional information, send an alert, and instruct other security controls to stop an activity in progress. While basic SIEMs can be rules-based or use statistical correlation engines to establish relationships between event log entries, more advanced SIEM solutions may employ technologies such as SOAR (security orchestration, automation, and response) and UEBA (user and entity behavior analytics).