Which of the following is primarily true of SEM systems? (Select the best answer.)
- They perform real-time analysis and detection.
- They focus on policy and standards compliance.
- They consolidate logs to a central server.
- They analyze log data and report findings.
Explanation:
Security Event Management (SEM) systems perform real-time analysis and detection. SEM systems typically analyze log data from a number of sources. Some systems also incorporate incident handling tools that enable administrators to mitigate threats more effectively when they occur.
Security Information Management (SIM) systems, on the other hand, are focused more on the collection and analysis of logs in a non-real-time fashion. For example, a SIM system might centralize logging on a single device for review and analysis. Some SIM systems also provide assessment tools that can flag potentially threatening events.
A Security Information and Event Management (SIEM) system combines both the real-time aspects of a SEM system and the in-depth analysis and timeline generation of a SIM system. Therefore, a SIEM system is a hybrid of a SIM system and a SEM system.