What is the contrast between Log Centralized, SIM, SEM and SIEM?

Richard Lao
Aug 30, 2019 · 4 min read

Hi, this has been over multi month after the Cyber ​​Security Act. Has been proclaimed as a law Which for some IT laborers Without neglecting to need to focus and look for information Especially the individuals who need to keep up the framework for the association that is working Probably somewhat riotous, and since I am as of now a digital security laborer Especially the framework that identifies security issues like SIEM that is the proper thing Making this period, paying little mind to conversing with any clients, will get a ton of unique consideration about the SIEM framework, however with the trouble of introducing Also, the cost is very solid. Numerous individuals frequently have questions that pursue. Would we be able to utilize different innovations, for example, SIM, SEM or Log Centralized rather than SIEM? What’s more, how is it unique? Today, take a risk to explain the distinctions of these 4 frameworks.

Begin with the first. Log Centralized or Log Management

Log Centralized is a fundamental framework that each association must have so as to consent. PC Act (Cyber Security Act and Computer Act are various laws), with just one capacity of the framework Is to store log information from different frameworks and join them with oneself

Which the essential highlights are

  1. Must almost certainly keep up the uprightness of that data as it were, it is prohibited for anybody to effortlessly alter log information.
  2. Information must almost certainly be utilized when required.
  3. Ready to store information for a period indicated by the law, for example, the Computer Act requiring 90 days of capacity

Which for our home The law has forced Internet service providers or any location that provides Internet for people to use. For example, the company needs to have a Log Centralized system and keep the log for at least 90 days. Legal !!!) The main use of this system is that the Log will be used when necessary, such as the need to send Internet usage information to the authorities. The system must be able to export the raw log as evidence. What log must be collected to cover, can be read from the article. Therefore, for most companies, only having Log Centralized and collecting all the log data as specified Is enough for our country law

Presently, how about we talk about SIM and SEM.

These two are not exactly discussed today, however, a large portion of the Log Centralized frameworks that we find in the market Actually, it’s not Log Centralized, yet it’s a SIM! Since most Centralized Log Logs accompany an element for revealing or making Dashboards to show data from Log, which is actually the meaning of SIM — Security Information Management, which is a log stockpiling framework that isn’t only a log. Is crude data just But can utilize that data to investigate Reports, for example, web utilization reports, web application use reports while Log Centralized can possibly store crude information and fare it when required (crude).

Sound, at that point SEM. How is it not quite the same as SIM?

The principle distinction among SIM and SEM is the information that is gathered, while the SIM stores everything. The SEM is intended to keep just “fascinating” occasions. For instance, the SIM will store the information for all clients at Login to the framework, however SEM will just gather Login data of the User who is Admin or just intrigued by the data of the occasion that has Login Failure as it were. It is named SEM — Security Event Management. Higher anticipated intrigue is frequently joined by SEM Predifine Rule recommended by the maker, that it will identify a few occasions. The greater part of these occurrences are cyberattacks, at times with Incident Response, Alert, Security Report or Compliance Report includes here and there included.

Now it should be conceivable to think about what SIEM is.

Truly, it is Security Information and Event Management. (Take everything). The idea of this is to unite SEM and SIM into a solitary framework. At the end of the day, it stores all log information like SIM does and after that brings those information. Some of them are examined with Predefine Rule like SEM. This will help SIEM to be superior to SEM. Now and then, digital assaults (particularly in present day times) are regularly brought about by numerous occasions. For an occasion together And some of the time sneak for a while before the mishap It is in this way troublesome. Where we will characterize explicit occasions of intrigue and investigate them for assaults Therefore, commonly the information gathered uniquely for SEM occasions is inadequate for examination, while SIEM has total data to have the option to relate occasions. That makes numerous associations that are enthusiastic about digital security having a SIEM framework as opposed to SEM. What is directly for us?

Can be abridged as pursues

  • On the off chance that you need our organization to be legitimate, Computer Act → Go Log Management straight away.
  • On the off chance that needing to utilize Log information for different purposes, for example, examining Internet utilization, getting to significant servers, checking for changes in Configure settings → need a SIM
  • On the off chance that you need to identify Cyber Attack and spotlight on Cyber Security → Go to SIEM or SEM.
Richard Lao

Interested in writing about “cyber attack and threat prevention” with expertise and knowledge about network databases, hardware, firewalls and encryption.

More From Medium

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade