Technology and Product Review for an SIEM Solution There are different approaches that are utilized for security management, which has resulted in the emergence of different security technology categories including security information and event management (SIEM), which is designed to provide a holistic view of IT security. It is based on the principle that relevant information regarding an organization's security is generated from various sources/locations. Therefore, examining each of these locations helps in identifying trends and patterns within the organization's security system.

Overview of SIEM

SIEM, which stands for security information and event management, can be described as an approach for management of security through a holistic view of information technology security within an organization (Rouse, 2014). This approach provides a holistic view for examining an organization's IT security through combining security information management (SIM) and security event management (SEM) into a single security management system. Through combination of these systems, SIEM enables speedy identification, evaluation, and recovery of security incidents. Additionally, the system enables compliance managers to confirm whether the organization is fulfilling legal compliance requirements.

SIEM systems work through gathering security log data from different sources within the organization including operating systems, security controls, and applications (Scarfone, 2015). Once security log data is obtained, the system processes it in order to normalize its format, analyze the standardized data, provide alerts in case of any anomalous...

There are certain SIEM products that are also designed and structured to block malicious activity when detected. In this case, such activities are blocked through various processes including running scripts that prompt reconfiguration of security controls like firewalls (Scarfone, 2015). SIEM products are usually available in various forms with relatively similar capabilities but different cost and performance. The most common forms of SIEM products include hardware appliances, cloud-based, conventional server software, and virtual appliances.
Product Review

One of the most commonly used SIEM products is McAfee, which is positioned as a leader in Gartner Magic Quadrant for Intrusion Prevention Systems (IPS) for the last nine years (Burnham, 2015). McAfee's position as a leader in IPS was determined following an analysis of overall liability, product track record, customer experience, operations and marketing execution, market responsiveness, and sales execution of products within this category. This SIEM product is sold by McAfee, which is a California-based firm that is part of Intel Security (Lawson, Hils & Neiva, 2015). This large security vendor has a significant product portfolio throughout different security locations including server, network, and content. The…