The present market for Security Information and Event Management (SIEM) is driven by an increased need to meet compliance requirements as well as a continuing need for real-time security analysis of external and internal threats. The primary drivers are two-fold: Security Information Management (SIM) and Security Event Management (SEM).
Security Information Management, or SIM, solutions provide reporting and analysis of data primarily from host systems and applications, and secondarily from security devices to support security policy compliance management, internal threat management and regulatory compliance initiatives. SIM can be used to support the activities of the IT security, internal audit and compliance organizations.
Falling under the umbrella of "compliance" (with requirements such as HIPAA, Sarbanes-Oxley, and SAS 70), the customer’s motive is to analyze and report on information over time. Data from all layers of the network is examined, from security to host systems to applications.
Security Event Management, or SEM, solutions improve security incident response capabilities. SEM processes near-real-time data from security devices, network devices and systems to provide real-time event management for security operations. SEM helps IT security operations groups be more effective in responding to external and internal threats.
For more information on the SIEM marketplace, see the Gartner Magic Quadrant for Security Information and Event Management, H1 06, ID G00139431.


