All network systems and devices, such as Windows/Linux desktops and servers, routers, switches, firewalls, proxy servers, VPNs, IDSs and other network resources, generate logs every second. These logs record the system, device, and user activity that took place within the network infrastructure. Log files are important forensic tools for investigating an organization's security posture. Analysis of these log files provides a wealth of information on user-level activities such as logon success or failure, object access, and website visits; on system- and device-level activities such as file reads, writes or deletes, host session status, account management, network bandwidth consumed, and protocol and traffic distribution; and on network security activities such as identifying virus or attack signatures and network anomalies.
Security Information and Event Management (SIEM) refers to the concept of collecting, archiving, analyzing, and reporting on information obtained from all of these heterogeneous network resources. SIEM technology is the intersection of two closely related technologies: Security Event Management (SEM) and Security Information Management (SIM).
According to Wikipedia, "Security Information Management (SIM), is the industry-specific term in computer security referring to the collection of data (typically log files; e.g. eventlogs) into a central repository for trend analysis. This is a basic introductory mandate in any computer security system. The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' by using data collection techniques..." So, to a large extent, SIM is concerned with hosts, such as Windows/Linux systems, and the applications running on them. As a technology, SIM is used by system administrators for internal network threat management and regulatory compliance audits.
SEM, on the other hand, is concerned with the real-time activity of network perimeter devices such as firewalls, proxy servers, VPNs and IDSs. Security administrators use SEM technology to improve incident response on the perimeter/edge devices through network behavioral analysis. The target audience for SEM technology is NOC administrators, Managed Security Service Providers (MSSPs) and, of course, Enterprise Security Administrators (ESAs).
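The SIM and SEM halves described above are easiest to see side by side in code. The following is an added example written for this page, not code from ManageEngine, Firewall Analyzer or EventLog Analyzer. It normalizes three heterogeneous log formats (Linux sshd syslog, a Windows security event flattened to key=value pairs with Event IDs 4624/4625, and a Cisco ASA-style firewall deny message) into one schema, runs a SIM-style aggregation over the central store, and then runs a SEM-style real-time rule that correlates logon failures across sources by attacker IP and flags whether the firewall already denied that IP. The sample lines are constructed, the ASA message text is an approximation of the real format, and the syslog year (`SYSLOG_YEAR`) is an assumption because syslog timestamps carry none.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample lines (not real captures); the ASA line approximates the real format.
SAMPLE_LOGS = """\
Jan 10 10:01:02 srv1 sshd[1234]: Failed password for root from 203.0.113.5 port 50122 ssh2
Jan 10 10:01:04 srv1 sshd[1234]: Failed password for root from 203.0.113.5 port 50123 ssh2
Jan 10 10:01:05 srv1 sshd[1234]: Failed password for admin from 203.0.113.5 port 50124 ssh2
Jan 10 10:01:06 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4433 dst inside:10.0.0.7/445 by access-group "outside_in"
2024-01-10T10:01:07 host=win01 EventID=4625 TargetUserName=alice IpAddress=203.0.113.5
Jan 10 10:01:09 srv1 sshd[1240]: Failed password for root from 203.0.113.5 port 50130 ssh2
Jan 10 10:02:30 srv1 sshd[1250]: Accepted password for alice from 198.51.100.9 port 40001 ssh2
2024-01-10T10:03:00 host=win01 EventID=4624 TargetUserName=bob IpAddress=198.51.100.9
"""

SYSLOG_YEAR = 2024  # assumed: syslog timestamps have no year field

SSHD_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
WIN_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)")
ASA_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) %ASA-\d-106023: Deny (?P<proto>\w+) "
                    r"src \w+:(?P<ip>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<port>\d+)")


def parse_syslog_ts(text: str) -> datetime:
    return datetime.strptime(f"{SYSLOG_YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse_line(line: str) -> Optional[Dict]:
    """Map one raw line from any supported source onto a common event schema."""
    m = SSHD_RE.match(line)
    if m:
        action = "logon_failure" if m["result"] == "Failed" else "logon_success"
        return {"ts": parse_syslog_ts(m["ts"]), "host": m["host"], "source": "sshd",
                "user": m["user"], "ip": m["ip"], "action": action}
    m = WIN_RE.match(line)
    if m and m["eid"] in ("4624", "4625"):  # 4624 = logon success, 4625 = logon failure
        action = "logon_failure" if m["eid"] == "4625" else "logon_success"
        return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "source": "windows",
                "user": m["user"], "ip": m["ip"], "action": action}
    m = ASA_RE.match(line)
    if m:
        return {"ts": parse_syslog_ts(m["ts"]), "host": m["host"], "source": "firewall",
                "user": None, "ip": m["ip"], "action": "deny", "dst": f"{m['dst']}:{m['port']}"}
    return None  # unknown format: in a real collector this would be counted, not dropped silently


def normalize(raw: str) -> List[Dict]:
    """The SIM 'central repository': every source in one schema, ordered by time."""
    events = [e for e in (parse_line(l) for l in raw.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # heterogeneous sources arrive out of order
    return events


def summarize(events: List[Dict]) -> Dict[str, Counter]:
    """SIM-style trend analysis over the stored events."""
    failures = [e for e in events if e["action"] == "logon_failure"]
    return {"failures_by_user": Counter(e["user"] for e in failures),
            "failures_by_ip": Counter(e["ip"] for e in failures),
            "denies_by_ip": Counter(e["ip"] for e in events if e["action"] == "deny")}


def brute_force_alerts(events: List[Dict], threshold: int = 4,
                       window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """SEM-style real-time rule: >= threshold logon failures from one source IP inside
    `window`, counted across all hosts and sources, enriched with whether the firewall
    had already denied that IP when the rule fired."""
    recent = defaultdict(list)  # ip -> [(ts, user, host), ...] still inside the window
    denied_so_far, alerted, alerts = set(), set(), []
    for e in events:  # stream in time order, as a real-time engine would
        if e["action"] == "deny":
            denied_so_far.add(e["ip"])
            continue
        if e["action"] != "logon_failure":
            continue
        q = recent[e["ip"]]
        q.append((e["ts"], e["user"], e["host"]))
        while e["ts"] - q[0][0] > window:  # expire failures older than the window
            q.pop(0)
        if len(q) >= threshold and e["ip"] not in alerted:
            alerted.add(e["ip"])  # one alert per IP, not one per extra failure
            alerts.append({"ip": e["ip"], "count": len(q),
                           "first_seen": q[0][0].isoformat(), "last_seen": e["ts"].isoformat(),
                           "users": sorted({u for _, u, _ in q}),
                           "hosts": sorted({h for _, _, h in q}),
                           "firewall_deny_seen": e["ip"] in denied_so_far})
    return alerts


if __name__ == "__main__":
    evs = normalize(SAMPLE_LOGS)
    print(summarize(evs))
    print(brute_force_alerts(evs))
```

On the sample data the SIM summary shows three failures for `root` and five for the IP `203.0.113.5`, while the SEM rule fires on the fourth failure from that IP, which is the Windows 4625 event, so the alert spans two hosts (`srv1`, `win01`) and three target accounts, and reports that the firewall had already denied the same IP a second earlier. That cross-source correlation is exactly what neither the sshd log nor the Windows event log shows on its own.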
ManageEngine® Firewall Analyzer (www.fwanalyzer.com) is a firewall log analysis tool for security event management that collects, analyzes, and reports on enterprise-wide firewalls, proxy servers, and VPNs to measure bandwidth usage, manage user/employee internet access, audit traffic, detect network security holes, and improve incident response.
Firewall Analyzer helps you to:
ManageEngine® EventLog Analyzer (www.eventloganalyzer.com) is a web-based, agent-less syslog and Windows event log management solution for security information management that collects, analyzes, archives, and reports on event logs from distributed Windows hosts, and on syslogs from UNIX hosts, routers, switches, and other syslog devices. EventLog Analyzer is used for internal threat management and regulatory compliance, such as Sarbanes-Oxley, HIPAA, GLBA, PCI, and others.
EventLog Analyzer is used to:
Enabling Management Your Way™
Founded in 1996, ZOHO Corp. is a software company with a broad portfolio of elegantly designed, affordable products and web services. ZOHO Corp. offerings span a spectrum of vertical areas, including network & systems management (ManageEngine.com), security (SecureCentral.com), collaboration, CRM & office productivity applications (Zoho.com), database search and migration (SQLOne.com), and test automation tools (QEngine.com).
ZOHO Corp. and its global network of partners provide solutions to multiple market segments including: OEMs, global enterprises, government, education, small and medium-sized businesses and to a growing base of management service providers. www.manageengine.com, www.zoho.com
"The implementation was so easy and the Firewall Analyzer immediately started showing me how much inbound and outbound traffic was passing through our firewalls. I now use Firewall Analyzer daily!"