Security information and event management (SIEM) systems first appeared around 2000 from vendors such as Intellitactics, NetForensics, and eSecurity. The original functionality centered around event correlation from perimeter security devices such as IDS/IPS and firewalls.The SIEM market evolved over the past 19 years, with different vendors, functionality, and use cases. SIEM has also grown into a $2.5 billion market, dominated by vendors such as Splunk, IBM, LogRhythm, and AT&T (AlienVault).Despite the SIEM evolution, today’s products can be seen as super-sized versions of those of yesteryear. In fact, the original design of SIEM seemed like a knockoff of network and systems management tools CA Unicenter, HP OpenView, and IBM Tivoli. SIEM products were based upon a tiered architecture of distributed data collectors/indexers/processors and a central database used for data analytics, visualization, and reporting.To read this article in full, please click here
Read the full article