
SIEM (Security Information and Event Management) is the industry term for the collection of security-relevant data (typically log files, e.g. event logs) into a central repository for analysis, correlation and trend reporting.
A SIEM consists of software agents running on the systems and devices to be monitored, which send information about security-related events to a centralized server acting as a "security console". The console presents that information as reports, charts and graphs in real time.
The agents can apply local filters to reduce and consolidate the data they send to the server.
The security console is then monitored and reviewed by analysts, and the Information and Event Management system enables remedial action in response to any alerts it issues.
The Rivendale SIEM Solution may be divided into three main functional areas that together form a complete and scalable solution:
Security Management (SIM)
The SIM analyzes large volumes of information in near real time, detecting and responding to threats that affect the organization. It also offers risk reporting and management tools for handling these incidents.
Log Management (SEM)
The SEM gathers log data from devices deployed at any point in the network, such as firewalls and routers, and stores these logs in bulk in a manner intended to preserve their usability as evidence in a court of law.
Detection and Monitoring
Sensors deployed across the network perform low-level analysis of all traffic, detecting, auditing and analyzing the context in which threats arise. The solution's probes are unique in the depth and breadth of data collection and protection they provide.
What does SIEM deliver?
- Holistic view of the current security infrastructure
- Real-time, accurate threat detection
- Signature-based as well as behavior-based anomaly identification
- Coverage spanning network devices and endpoints
- Event correlation and risk metrics
- Intelligent reporting
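The following Python sketch is an added example, not code from the Rivendale product or from this page. It shows the agent/console split described above (agents that drop noise and consolidate identical events before forwarding, and a console that correlates what it receives) together with the two detection styles listed here: a signature rule and a behavior-based threshold rule. The key=value log format, the field names, the "admin network" of 10.0.0.0/24, the thresholds and the sample log lines (TEST-NET addresses) are all assumptions constructed for the illustration.

```python
"""Toy SIEM pipeline (added example): agent-side filtering/consolidation,
then signature- and behavior-based correlation on a central console."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed key=value log format; field names are this example's own, not a product format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)

# Constructed sample events (TEST-NET addresses, not real hosts): a short
# brute force against "alice" that then succeeds, a root login from outside the
# assumed admin network 10.0.0.0/24, an agent heartbeat, and a malformed line.
RAW_LOG = """\
2024-03-01T10:00:00 host=web1 src=10.0.0.5 user=bob action=login result=success
2024-03-01T10:00:01 host=web1 src=203.0.113.9 user=alice action=login result=fail
2024-03-01T10:00:02 host=web1 src=203.0.113.9 user=alice action=login result=fail
2024-03-01T10:00:03 host=web1 src=203.0.113.9 user=alice action=login result=fail
2024-03-01T10:00:04 host=web1 src=203.0.113.9 user=alice action=login result=fail
2024-03-01T10:00:05 host=web1 src=203.0.113.9 user=alice action=login result=fail
2024-03-01T10:00:06 host=web1 src=203.0.113.9 user=alice action=login result=fail
2024-03-01T10:00:09 host=web1 src=- user=- action=heartbeat result=ok
2024-03-01T10:00:20 host=web1 src=203.0.113.9 user=alice action=login result=success
2024-03-01T10:05:00 host=db1 src=203.0.113.50 user=root action=login result=success
this line is malformed and must not crash the agent
"""

@dataclass
class Event:
    ts: datetime
    host: str
    src: str
    user: str
    action: str
    result: str
    count: int = 1  # number of identical raw events consolidated into this one

def parse(line):
    """Parse one raw line; return None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return Event(datetime.fromisoformat(d.pop("ts")), **d)

def agent_filter(lines, noise=("heartbeat",), window=timedelta(seconds=60)):
    """Agent-side local filter: drop noise and unparsable lines, and merge
    identical events seen within `window` into one event carrying a count.
    Individual timestamps are lost in the merge, but the count survives so
    the console can still apply thresholds."""
    out, last_index = [], {}
    for line in lines:
        ev = parse(line)
        if ev is None or ev.action in noise:
            continue
        key = (ev.host, ev.src, ev.user, ev.action, ev.result)
        i = last_index.get(key)
        if i is not None and ev.ts - out[i].ts <= window:
            out[i].count += 1
        else:
            out.append(ev)
            last_index[key] = len(out) - 1
    return out

# Signature rule (hypothetical policy): successful root login from outside 10.0.0.0/24.
SIGNATURES = [
    ("root login from outside admin network",
     lambda e: e.user == "root" and e.action == "login"
     and e.result == "success" and not e.src.startswith("10.0.0.")),
]

def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Console-side detection. Returns (timestamp, rule name, source) tuples
    sorted by time. Behavioral rule: at least `threshold` failed logins from
    one source within `window`, followed by a success from that source."""
    alerts = []
    failures = defaultdict(list)  # src -> consolidated failed-login events
    for e in sorted(events, key=lambda x: x.ts):
        for name, matches in SIGNATURES:
            if matches(e):
                alerts.append((e.ts, name, e.src))
        if e.action != "login":
            continue
        if e.result == "fail":
            failures[e.src].append(e)
        elif e.result == "success":
            recent = [f for f in failures[e.src] if e.ts - f.ts <= window]
            n = sum(f.count for f in recent)
            if n >= threshold:
                alerts.append((e.ts, f"brute force followed by success ({n} failures)", e.src))
    return sorted(alerts, key=lambda a: a[0])

def run_pipeline(raw_log):
    """Agent stage followed by console stage over a raw log text."""
    return correlate(agent_filter(raw_log.splitlines()))

if __name__ == "__main__":
    for ts, rule, src in run_pipeline(RAW_LOG):
        print(f"{ts.isoformat()} ALERT {rule} src={src}")
```

Running the script reduces eleven raw lines to four consolidated events at the agent and raises two alerts at the console: the brute force against alice (six consolidated failures followed by a success) and the root login from 203.0.113.50. The caveat a practitioner should note is the trade-off in the agent filter: consolidation cuts the volume sent to the console, but a rule that needs the timing of each individual attempt (rather than a count) must run before consolidation or the agent must be configured not to merge those events.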
