In today’s episode, we’re talking SIEMs. That’s short for security information and event management, and it typically describes software or services that provide real-time logging and analysis of security alerts. A SIEM gathers information from a variety of network software and devices and correlates, aggregates, and alerts users of issues requiring attention. They can monitor and manage user access privileges, help with compliance through the automated gathering of relevant data, and provide users with the ability to aggregate and analyze log files that might be spread across the network.
Monzy Merza is head of security research at Splunk, a well-known SIEM provider, and he joins us to share his thoughts on SIEMs, how they fit into the security lifecycle, where threat intelligence comes in, and how successful organizations are best utilizing them.