Security Information and Event Management (SIEM) is a security management system that gives you a complete view of activity in your network, enabling you to respond to threats in real time. It collects, parses, and classifies machine data from a wide range of sources, then analyzes that data to provide insights you can act on.
- Event Collection: Collects events and logs from multiple sources using a wide variety of protocols, such as Syslog, log files, and network flows.
- Information Normalization: Stores information after it has been normalized. Normalization converts the differing formats of heterogeneous sources into one uniform, consistent format that is easier to analyze. Each source can use a different format: a user logon event, for example, looks different on Windows, on Linux, and on a network device. All of them carry the same information, namely that a user logged in, so the SIEM can normalize them into a single event type.
- Information Enrichment: Enrichment can draw on internal or external references. In a data center that contains hundreds of servers, some servers play a more important role than others. Server asset information keyed by internal IP address can be loaded into the SIEM so that an incident on an important server is given a higher level of urgency than incidents on other servers.
- Information Correlation: SIEM detects patterns across a set of information. For example, a computer that logs in with 5 different UserIDs in 1 day is given a high level of urgency by correlation, because this resembles the pattern of someone illegally using other people’s passwords from that computer.
- Alerting: If a critical event is detected, SIEM can send near real-time alerts to email or to the ticketing system (helpdesk), so that the event can be followed up on the same day. In general, SIEM also has simple incident management built in, which can be used by companies that do not yet have a ticketing system.
- Historical Data Retention, Reporting, Dashboard, and Forensic Analysis: All information and analysis results are stored for daily reports, monthly reports, near real-time security dashboards, and forensic needs when required.
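
The normalization, enrichment, and correlation steps above can be sketched end to end. This is an added example, not code from any SIEM product or from the vendor named on this page; the log lines, IP addresses, asset table, and function names are all constructed for illustration, and the three source formats are simplified.

```python
import re
from collections import defaultdict

# Constructed sample lines in three simplified source formats (sshd, Windows 4624, network device).
RAW = [
    "2024-01-10T08:01:02 10.0.1.10 sshd[311]: Accepted password for alice from 10.0.0.5 port 22 ssh2",
    "2024-01-10T08:03:40 10.0.1.10 sshd[312]: Accepted password for bob from 10.0.0.5 port 22 ssh2",
    "2024-01-10T08:05:00 EventID=4624 Computer=10.0.1.20 TargetUserName=carol IpAddress=10.0.0.5",
    "2024-01-10T08:06:10 EventID=4624 Computer=10.0.1.21 TargetUserName=ALICE IpAddress=10.0.0.5",
    "2024-01-10T08:09:00 10.0.1.1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: dave] [Source: 10.0.0.5] [localport: 22]",
    "2024-01-10T08:12:00 10.0.1.1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: erin] [Source: 10.0.0.5] [localport: 22]",
    "2024-01-11T09:00:00 10.0.1.10 sshd[400]: Accepted password for frank from 10.0.0.5 port 22 ssh2",
    "2024-01-10T10:00:00 10.0.1.10 sshd[401]: Accepted password for alice from 10.0.0.9 port 22 ssh2",
]
TS = r"(?P<day>\d{4}-\d\d-\d\d)T\S+ "
PARSERS = [re.compile(TS + p) for p in (
    r"(?P<dst>\S+) sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)",
    r"EventID=4624 Computer=(?P<dst>\S+) TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)",
    r"(?P<dst>\S+) %SEC_LOGIN-5-LOGIN_SUCCESS: .*?\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]",
)]
ASSETS = {"10.0.1.20": "critical"}  # constructed asset inventory: server IP -> importance

def normalize(line):
    """Map any supported source format onto one schema: day, dst, user, src."""
    for parser in PARSERS:
        m = parser.match(line)
        if m:
            ev = m.groupdict()
            ev["user"] = ev["user"].lower()  # fold case: assumes ALICE and alice are one account
            return ev
    return None  # unrecognized format

def enrich(ev):
    """Attach asset importance looked up by the destination server's IP."""
    return {**ev, "asset": ASSETS.get(ev["dst"], "normal")}

def correlate(events, threshold=5):
    """Alert when one source logs in with >= threshold distinct user IDs in a day."""
    users, critical = defaultdict(set), defaultdict(bool)
    for ev in events:
        key = (ev["src"], ev["day"])
        users[key].add(ev["user"])
        critical[key] |= ev["asset"] == "critical"
    return [{"src": s, "day": d, "users": sorted(u),
             "urgency": "critical" if critical[(s, d)] else "high"}
            for (s, d), u in users.items() if len(u) >= threshold]

def run(lines):
    return correlate([enrich(ev) for ev in map(normalize, lines) if ev])
```

Calling `run(RAW)` yields a single alert for source 10.0.0.5 on 2024-01-10: five distinct user IDs counted across all three formats, raised from high to critical because one of the logins reached the server marked important in the asset table.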
PT Global Innovation Technology is a SIEM (Security Information and Event Management) vendor in Indonesia and has implemented it in banks and telcos since 2008.
Learn more and implement the solution for your
PT Global Innovation Technology has been an active IT vendor in Jakarta, Indonesia since 2007.
We have created solutions in major customers such as Bank Mandiri, BTPN, Pertamina, Telkomsel, XL Axiata, Indosat, Kalbe Farma, Jasindo, Smart Philippines, NTT Data Japan and many more. Find out what our clients think about us.