[TABS_R id=8782]
Which of the following is not true of SIM systems? (Select the best answer.)
- They perform realtime threat detection.
- They focus on policy and standards compliance.
- They consolidate logs to a central server.
- They analyze log data and report findings.
Explanation:
Security Information Management (SIM) systems do not perform realtime analysis and detection. SIM systems are focused more on the collection and analysis of logs in a nonrealtime fashion. For example, a SIM system might centralize logging on a single device for review and analysis. Some SIM systems also provide assessment tools that can flag potentially threatening events.
Security Event Management (SEM) systems perform realtime analysis and detection. SEM systems typically analyze log data from a number of sources. Some systems also incorporate incident handling tools that enable administrators to more effectively mitigate threats when they occur.
A Security Information and Event Management (SIEM) system combines both the realtime aspects of a SEM system and the indepth analysis and timeline generation of a SIM system. Therefore, a SIEM system is a hybrid of a SIM system and a SEM system.
Security Information Management (SIM) systems do not perform realtime analysis and detection. SIM systems are focused more on the collection and analysis of logs in a nonrealtime fashion. For example, a SIM system might centralize logging on a single device for review and analysis. Some SIM systems also provide assessment tools that can flag potentially threatening events.
Security Event Management (SEM) systems perform realtime analysis and detection. SEM systems typically analyze log data from a number of sources. Some systems also incorporate incident handling tools that enable administrators to more effectively mitigate threats when they occur.
A Security Information and Event Management (SIEM) system combines both the realtime aspects of a SEM system and the indepth analysis and timeline generation of a SIM system. Therefore, a SIEM system is a hybrid of a SIM system and a SEM system.
[TABS_R id=8782]