Can anybody please explain to me the difference between SIM and SIEM?
Thanks in advance
My name's Paul Stamp and I just joined RSA from Forrester where I covered this space.
Anyway, there are three terms that get bandied around: Security Event Management (SEM), Security Information Management (SIM), and Security Information and Event Management (SIEM).
So in the past people have looked at SEM as real-time alerting, mainly trying to reduce false positives from IDS. On the other hand, SIM was really used to refer to products that mainly did reporting, auditing and historical analysis.
However, as time went on, most products started to do both; very few just looked at real-time or historical data. As an analyst, I referred to the whole space as SIM regardless, because you need all types of information to do both reporting and real-time analysis and alerting. Also, is not an event just another piece of security information?
Gartner, on the other hand, coined the phrase SIEM to reflect this, and they're a lot bigger and more influential than Forrester. So it's stuck. I personally believe it's a bit unwieldy, but hey, we need to call this stuff the same thing as our customers.
Hope this helps
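To make the SEM/SIM split concrete, here is an added example (not code from the original thread or from RSA/Forrester) that runs both views over one constructed event stream: a SEM-style real-time rule that only alerts when an IDS hit is corroborated by a later successful login on the same host, and a SIM-style historical roll-up of the same events. Hosts, timestamps and messages are all made up.

```python
"""Added example: SEM-style alerting and SIM-style reporting over one event
stream. All sample events below are constructed for illustration."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source, host, message)
EVENTS = [
    ("2024-05-01 10:00:01", "ids", "10.0.0.5", "signature:sql-injection"),
    ("2024-05-01 10:00:02", "ids", "10.0.0.6", "signature:sql-injection"),
    ("2024-05-01 10:00:20", "auth", "10.0.0.6", "login failed admin"),
    ("2024-05-01 10:00:25", "auth", "10.0.0.6", "login failed admin"),
    ("2024-05-01 10:00:30", "auth", "10.0.0.6", "login ok admin"),
    ("2024-05-01 11:15:00", "ids", "10.0.0.7", "signature:port-scan"),
]

WINDOW = timedelta(minutes=5)  # correlation window, an assumed tuning value


def parse(ev):
    ts, source, host, msg = ev
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), source, host, msg


def sem_alerts(events, window=WINDOW):
    """SEM view: alert only when an IDS hit on a host is followed within
    `window` by a successful login on that host. A lone IDS signature is
    treated as a probable false positive and is not alerted on."""
    parsed = sorted(parse(e) for e in events)
    alerts = []
    for ts, source, host, msg in parsed:
        if source != "ids":
            continue
        for ts2, src2, host2, msg2 in parsed:
            if (src2 == "auth" and host2 == host
                    and msg2.startswith("login ok") and ts < ts2 <= ts + window):
                alerts.append((host, msg, msg2))
                break
    return alerts


def sim_report(events):
    """SIM view: historical roll-up of every event by source and by host,
    the kind of count an audit or compliance report is built from."""
    by_source = Counter(parse(e)[1] for e in events)
    by_host = Counter(parse(e)[2] for e in events)
    return {"by_source": dict(by_source), "by_host": dict(by_host)}


if __name__ == "__main__":
    print("SEM alerts:", sem_alerts(EVENTS))
    print("SIM report:", sim_report(EVENTS))
```

The same events feed both functions, which is the reply's point: a product that holds the events for the report is already holding what the real-time rule needs.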
Thanks for the information. It has cleared my doubt, and maybe it will be helpful for others too.
By the way, I was just reading your "Correlation is no silver bullet" blog. Interesting read.