Saturday, March 7, 2009

Combined Log Management and SIEM Architecture Benefits

The following notional diagram provides some basic recommendations to consider when deploying and managing Log Management and SIEM systems together.

A well-maintained Log Management and SIEM deployment can significantly reduce the time to Incident Identification and really enhance your overall information security capability. The diagram attempts to illustrate that all information from the Event Sources is processed through the appropriate Log Collection Mechanism and then forwarded to the Log Management System.

The Log Management system eats, stores and can regurgitate everything put into it. The Log Management Solution can also further refine the data set and forward only the applicable events to the correlation engine (SIEM) for analysis, through the use of intelligent “tagging” of events.

Overall data reduction is only part of the end goal. More importantly, we want to ensure the right data is forwarded and evaluated so that we can gain from the overall efficiencies offered by the SIEM. In short, we’re ensuring the system has the correct information available to it so that it can respond to the questions you want to ask of it, while reducing the garbage as much as possible.
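To make the flow concrete, here is a small added example (my own illustration, not code from the original post or from any product it refers to) that models the architecture end to end: raw lines from two event sources pass through a collection/normalisation step, the Log Management layer stores every event verbatim and remains fully searchable, tagging rules mark the events worth correlating, and only the tagged subset is forwarded to a toy SIEM correlation rule. The log lines, the tag rules, the `brute_force_then_root_login` rule and all function and class names are constructed for the example.

```python
"""Toy Log Management -> tagging -> SIEM pipeline (constructed example)."""
import re
from collections import defaultdict

# Constructed sample log lines (not real data): an SSH auth log and a firewall log.
SAMPLE_LOGS = [
    "2009-03-07T10:00:01 host1 sshd[1001]: Failed password for root from 10.0.0.5 port 51000 ssh2",
    "2009-03-07T10:00:03 host1 sshd[1001]: Failed password for root from 10.0.0.5 port 51001 ssh2",
    "2009-03-07T10:00:05 host1 sshd[1001]: Failed password for root from 10.0.0.5 port 51002 ssh2",
    "2009-03-07T10:00:09 host1 sshd[1002]: Accepted password for root from 10.0.0.5 port 51003 ssh2",
    "2009-03-07T10:00:10 host1 CRON[2001]: (root) CMD (run-parts /etc/cron.hourly)",
    "2009-03-07T10:00:11 fw1 fw: ALLOW 10.0.0.7 -> 10.0.0.20:443",
    "2009-03-07T10:00:12 fw1 fw: DENY 10.0.0.5 -> 10.0.0.21:3389",
    "2009-03-07T10:00:14 host2 sshd[1003]: Accepted password for alice from 10.0.0.9 port 40000 ssh2",
]

# Parsers for the two constructed formats (the "Log Collection Mechanism").
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) fw: (?P<action>ALLOW|DENY) (?P<src>\S+) -> (?P<dst>\S+):(?P<dport>\d+)")


def collect(line):
    """Normalise a raw line into an event dict. Lines no parser understands are
    still kept (source 'unknown') so the Log Management layer loses nothing."""
    m = AUTH_RE.match(line)
    if m:
        return {"source": "sshd", "raw": line, **m.groupdict()}
    m = FW_RE.match(line)
    if m:
        return {"source": "fw", "raw": line, **m.groupdict()}
    return {"source": "unknown", "raw": line, "ts": line.split(" ", 1)[0]}


# Illustrative tagging rules applied inside Log Management. Only tagged events
# are forwarded to the SIEM; everything else stays searchable in the store.
TAG_RULES = {
    "auth_failure": lambda e: e["source"] == "sshd" and e.get("result") == "Failed",
    "priv_auth_success": lambda e: e["source"] == "sshd" and e.get("result") == "Accepted"
                                   and e.get("user") == "root",
    "fw_deny": lambda e: e["source"] == "fw" and e.get("action") == "DENY",
}


class LogManagement:
    """Stores every event verbatim; forwards only the tagged subset."""

    def __init__(self):
        self.store = []

    def ingest(self, line):
        event = collect(line)
        event["tags"] = [name for name, rule in TAG_RULES.items() if rule(event)]
        self.store.append(event)
        return event

    def search(self, text):
        """Full retrieval: anything ingested can be pulled back, tagged or not."""
        return [e for e in self.store if text in e["raw"]]

    def forward(self):
        """Data reduction: only events carrying at least one tag go to the SIEM."""
        return [e for e in self.store if e["tags"]]


class SIEM:
    """Toy correlation engine: N auth failures followed by a privileged login
    from the same source address raises one alert."""

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.alerts = []

    def correlate(self, events):
        for e in events:
            if "auth_failure" in e["tags"]:
                self.failures[e["src"]] += 1
            elif "priv_auth_success" in e["tags"] and self.failures[e["src"]] >= self.threshold:
                self.alerts.append({"rule": "brute_force_then_root_login",
                                    "src": e["src"], "host": e["host"], "ts": e["ts"]})
        return self.alerts


def run_pipeline(lines=SAMPLE_LOGS):
    """Run sources -> collection -> log management -> tagging -> SIEM; return
    the store, the forwarded subset and the alerts so each stage can be inspected."""
    lm = LogManagement()
    for line in lines:
        lm.ingest(line)
    forwarded = lm.forward()
    alerts = SIEM().correlate(forwarded)
    return lm, forwarded, alerts


if __name__ == "__main__":
    lm, forwarded, alerts = run_pipeline()
    print(f"stored={len(lm.store)} forwarded={len(forwarded)} alerts={len(alerts)}")
    for a in alerts:
        print(a)
```

With the constructed input, all eight lines are stored, five carry a tag and reach the SIEM, and the CRON line is never forwarded yet is still returned by `search("CRON")`; that is the split the post describes between the Log Management system that keeps everything and the SIEM that only needs the events relevant to the questions you intend to ask of it.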

This post is a mirror of my post at
SIEM Best Practices: Combined Log Management and SIEM Architecture Benefits
