Professional Documents
Culture Documents
Key Capabilities of Modern SIEMs Include
Key Capabilities of Modern SIEMs Include
Threat Intelligence
Combines internal data with third-party threat intelligence feeds on threats
and vulnerabilities.
Data Aggregation
Collects and aggregates data from security systems and network devices.
Advanced Analytics
Uses statistical models and machine learning to identify anomalies and detect
advanced threats, detect unknown threats, detect lateral movements within a
network, and enrich the context of security alerts to make it easier to
investigate and detect elusive threats.
Dashboards
Creates visualizations to let staff review event data, identify patterns and
anomalies
Forensic Analysis
Enables exploration of log and event data to discover details of a security
incident, with automated attachment of additional evidence organized in a
situation timeline.
Retention
Stores long-term historical data, useful for compliance and forensic
investigations. Built in data lake technology facilitate unlimited, low cost, long-
term storage.
Compliance
Gathers log data for standards like HIPAA, PCI/DSS, HITECH, SOX and GDPR
and generates compliance reports. Helps to meet compliance and security
regulations requirements, for example by alerting about security conditions
for protected data.
Threat Hunting
Enables security staff to run queries on log and event data, and freely explore
data to proactively uncover threats. Once a threat is discovered, automatically
pulls in relevant evidence for investigation.
SOC Automation
Automatically responds to incidents but automating and orchestrating security
systems, known as Security Orchestration and Response (SOAR).