SIEM benefits include automated monitoring, malware mitigation

SIEM tools deliver automated alert actions, normalize log data and provide intelligent filtering, all of which can help IT administrators lighten their workloads.

SIEM benefits include automatic monitoring of many IT components and increased protection against malicious activity.

IT administrators must monitor many components on a regular basis. Consider the volume of assets admins have direct control over: networking switches, firewalls and appliances; bare-metal, converged and hyper-converged, and physical or virtual servers; physical and virtual storage; and PCs, tablets and smartphones. All this technology can reside anywhere, such as in a corporate data center, a colocation facility or in the cloud.

SIEM tools aggregate information from all of these components via log files, Simple Network Management Protocol (SNMP) traps and associated management information base file stream analytics. They then normalize the data so analysis can identify abnormal activity, which can come from poorly written code that causes memory leaks or CPU overloads, or from malicious attacks, such as distributed denial-of-service attacks, brute-force attacks or attempts to load malware onto the platform.

SIEM benefits busy administrators

SIEM tools can create rule associations and trigger actions that address security concerns, which reduces management workloads for administrators. These actions block or throttle activity by offloading suspicious activity to a less mission-critical area or by alerting the administrator. They can also include immediate remediation through intelligent platform changes that cause malicious activity to fail. In this way, SIEM benefits administrators because they do not have to focus on responding to and mitigating alerts.
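The normalization step and the rule-triggered actions described above, as an added Python example that is not from the original article or from any SIEM product. The two log formats, the field names, the threshold and window, and the block-versus-alert policy are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in two invented formats (host syslog, firewall key=value).
SAMPLE = [
    "2024-05-01T10:00:01 web01 sshd[311]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "2024-05-01T10:00:04 web01 sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2",
    "ts=2024-05-01T10:00:09 device=fw-edge action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:12 web01 sshd[312]: Failed password for root from 203.0.113.7 port 50130 ssh2",
    "ts=2024-05-01T10:00:15 device=fw-edge action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-05-01T10:03:00 web01 sshd[400]: Failed password for alice from 198.51.100.20 port 41000 ssh2",
    "2024-05-01T10:03:30 web01 sshd[401]: Accepted password for alice from 198.51.100.20 port 41002 ssh2",
]

# One pattern per source; each maps its own layout onto the same field names.
PARSERS = [
    ("sshd", "auth_failure", re.compile(
        r"(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
        r"(?:invalid user )?\S+ from (?P<src>\S+)")),
    ("firewall", "conn_denied", re.compile(
        r"ts=(?P<ts>\S+) device=(?P<host>\S+) action=deny src=(?P<src>\S+)")),
]

def normalize(line):
    """Return the line as a common-schema event, or None if no parser matches."""
    for source, event, pattern in PARSERS:
        m = pattern.match(line)
        if m:
            return {"time": datetime.fromisoformat(m["ts"]), "source": source,
                    "host": m["host"], "src_ip": m["src"], "event": event}
    return None

def correlate(lines, threshold=5, window=timedelta(seconds=60)):
    """Rule: `threshold` failures/denials from one IP inside `window` -> action."""
    recent, actions = defaultdict(deque), {}
    for ev in filter(None, map(normalize, lines)):  # assumes time-ordered input
        q = recent[ev["src_ip"]]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:   # drop events outside window
            q.popleft()
        if len(q) >= threshold and ev["src_ip"] not in actions:
            sources = sorted({e["source"] for e in q})
            # Assumed policy: block when two sources corroborate, else alert.
            actions[ev["src_ip"]] = ("block" if len(sources) > 1 else "alert", sources)
    return actions

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Neither source alone reaches the threshold for 203.0.113.7 here; the rule fires only because both formats were first mapped onto the same `src_ip` field.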

SIEM benefits extend to organizations that use machine learning and artificial intelligence, as vendors are adding features that enhance SIEM capabilities against cyber and ransomware attacks.