santiago silver - Fotolia
Security information and event management systems operate by automatically collecting, analyzing and acting on data from an IT environment. Traditional SIEM use cases include log reporting and malware protection, but SIEM can also help trace cyberattacks.
Organizations can use the logging capabilities of SIEM tools to bring together data from dissimilar devices across a network and normalize it. This offers easier and more effective analysis to identify any issues across the organization’s platform.
Organizations can also use SIEM tools to pattern match activity and workloads to find possibilities of malicious intent, then stop attacks before they can take hold. This SIEM use case is especially compelling because signature-based anti-virus systems cannot keep pace with new malware hitting the wires. Denial of service activities, brute force username/password hacks and other external attacks can affect the performance of an organization’s platforms. SIEM tools can help find the root cause of performance issues from heavy network traffic and offload it to maintain performance.
SIEM tools can also help identify and locate security issues across a platform using pattern matching algorithms, log aggregation, analysis and reporting via reports or dashboards so that such issues can be picked up and rectified far faster than through manual means.
Other SIEM use cases
These are relatively basic SIEM use cases, but there are also advanced SIEM capabilities. Organizations can use SIEM tools to identify cyberattack patterns and trace the origin of the attacks. Government bodies can also use SIEM to identify attack targets.
Most SIEM use cases deal with identifying malicious activity coming from outside an organization, but the tools can also identify malicious activity from employees, contractors and consultants within an organization.
SIEM can help identify traffic to specific sites via normal or less accepted transport mechanisms, as well as traffic that is encrypted where it shouldn't be.