If some activity slips by the SEM guard, the SIM processes will spot it – better late than never. The combination of SEM and SIM into SIEM tries to use all available methods to shore up a system on the fly.
The disadvantage of SIM is that it can only see malicious activity once it has already occurred. The advantage of the SIM approach is that a sequence of events that amount to malicious activities can be seen from the historical perspective. The sheer volume of event log records means that it is impossible to read through them manually. A computer program is much better at spotting data in thousands of records that the human eye ever could. SIM systems look for patterns of activities that are recorded in log files.
#Best database software with networking series
However, SEM misses certain activities because a malicious activity can be broken down into a series of steps, which individually seem harmless but when viewed as a group highlight suspicious activities. SEM systems can filter out relatively unimportant event messages. This results in thousands of mundane and apparently innocuous messages written to log files. So, just to be on the safe side, software producers generate event log messages for just about every little bit of activity.
There is no way of knowing well in advance, what new techniques will emerge someday. Unfortunately, the designers and writers of programs can’t predict what methods intruders will use in order to interfere with a computer. If you want to fix a problem, the first thing you need to find out is what caused it. The development of event logging means even if there is an intrusion on your computer or network, there will be a record of that activity.
Connecting a computer to the internet escalates the risks, and wifi capabilities mean that hackers can get at your computer through the walls even when the device is turned off. The vast majority of the world’s population would find little use from a computer without an operating system or any software at all, and so we all run a security risk. Even a computer without an operating system could potentially get infected because all of the electronic components on the motherboard has embedded firmware in it. Even a pristine computer bought by a programmer that will never have software installed on it from external sources is at risk if it has an operating system. The minute a file gets copied onto a computer, the risk of virus infection increases. No computer is completely immune to malicious intrusion or attack. Whether log file integrity is part of SEM or SIM, it certainly is part of SIEM. However, SIM is concerned with log file data, and so protecting that source information should be part of SIM. The alteration of log files is a security event, and so should be monitored by SEM. Hackers know about the existence of event logs and so cover their tracks either manually or through a Trojan element by deleting or altering any records in the event logs that might have recorded the malicious activity. One aspect of a responsibility that could be the responsibility of either SEM or SIM or both is the monitoring of log file integrity. There are a number of gray areas between SEM and SIM, which is why it is better to look at event messages in terms of SIEM, the unified security software category. SolarWinds Security Event Manager (FREE TRIAL)
0 kommentar(er)
