Information Security Tools Configuration (SIEM)

As the volume of information processed and exchanged between information systems (IS) grows, organizations and individual users become increasingly dependent on those processes running continuously and correctly. Responding to threats against an IS requires tools that can analyze security events in real time, and the number of such events keeps growing. SIEM systems are one answer to this problem. The fundamental principle of a SIEM is that security-relevant information about the information system is collected from many sources, processed, and the result presented in a single interface for security analysts, which makes it easier to recognize the patterns characteristic of security incidents. SIEM combines security information management (SIM) and security event management (SEM) into a single security management system. The SIM part is mainly concerned with the analysis of historical data, improving the long-term effectiveness of the system and optimizing the storage of historical data. The SEM part, by contrast, extracts from the incoming data the subset of information from which security incidents can be detected immediately. As demand for additional capabilities grows, the functionality of this product category keeps expanding.

One of the main goals of deploying a SIEM is to raise the level of information security within the existing architecture by providing the ability to work with security information and to manage security incidents and events proactively, in near real time.

Proactive management of security incidents and events means making decisions before a situation becomes critical. It can rely on automated mechanisms that forecast future events from historical data and that automatically adjust event-monitoring parameters (for example, alert thresholds) to the current state of the system.
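The following added example (not the page author's tooling) sketches in Python the pipeline the preceding paragraphs describe: two constructed log sources are normalized into one event schema, an SEM-style correlation rule detects a burst of failed logins followed by a success from the same source (enriched with firewall events for that source), and an SIM-style routine derives a tuned alert threshold from historical failure counts. The log lines, the event schema, the rule parameters (60-second window, three failures) and all function names are assumptions.

```python
"""Toy SIEM pipeline: normalize, correlate in near real time, tune from history.

Added illustration for this page; not the author's tooling. The log lines,
the event schema, the rule parameters and all names are assumptions.
"""
import math
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two sources with different native formats.
SSHD_LOG = """\
2024-03-01T10:00:01 host1 sshd[101]: Failed password for root from 203.0.113.5 port 5000 ssh2
2024-03-01T10:00:12 host1 sshd[102]: Failed password for root from 203.0.113.5 port 5001 ssh2
2024-03-01T10:00:25 host1 sshd[103]: Failed password for admin from 203.0.113.5 port 5002 ssh2
2024-03-01T10:00:40 host1 sshd[104]: Accepted password for admin from 203.0.113.5 port 5003 ssh2
2024-03-01T10:05:00 host1 sshd[105]: Failed password for bob from 198.51.100.7 port 6000 ssh2
"""
FW_LOG = """\
Mar  1 10:00:05 fw1 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.0.0.4 PROTO=TCP DPT=22
Mar  1 10:00:30 fw1 kernel: ACCEPT IN=eth0 SRC=203.0.113.5 DST=10.0.0.4 PROTO=TCP DPT=22
"""

SSHD_RE = re.compile(
    r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
FW_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) kernel: (DROP|ACCEPT) .*SRC=(\S+) DST=(\S+) .*DPT=(\d+)")

WINDOW = timedelta(seconds=60)  # assumed rule window
MIN_FAILURES = 3                # assumed rule threshold


def normalize(sshd_text, fw_text, year=2024):
    """Map raw lines from both sources onto one common event schema."""
    events = []
    for line in sshd_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            ts, host, result, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host, "src": src,
                           "user": user, "action": "login", "source": "sshd",
                           "outcome": "success" if result == "Accepted" else "failure"})
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, host, verdict, src, dst, dport = m.groups()
            # Syslog timestamps carry no year; the caller supplies it.
            events.append({"ts": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
                           "host": host, "src": src, "dst": dst, "dport": int(dport),
                           "action": "connection", "source": "firewall",
                           "outcome": "success" if verdict == "ACCEPT" else "failure"})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=WINDOW, min_failures=MIN_FAILURES):
    """SEM-style rule: at least `min_failures` failed logins from one source
    within `window`, followed by a successful login from the same source."""
    fw_by_src = defaultdict(int)  # cross-source context for the incident
    for e in events:
        if e["source"] == "firewall":
            fw_by_src[e["src"]] += 1
    failures = defaultdict(list)  # src -> timestamps of recent failures
    incidents = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["action"] != "login":
            continue
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        if e["outcome"] == "failure":
            recent.append(e["ts"])
            failures[e["src"]] = recent
        elif len(recent) >= min_failures:
            incidents.append({"rule": "brute_force_then_success", "ts": e["ts"],
                              "src": e["src"], "host": e["host"], "user": e["user"],
                              "failures": len(recent),
                              "firewall_events": fw_by_src[e["src"]]})
            failures[e["src"]] = []  # do not re-alert on the same burst
    return incidents


def tune_threshold(daily_failure_counts, sigmas=3):
    """SIM-style tuning: derive a failed-login alert threshold from history
    (mean plus `sigmas` sample standard deviations, rounded up)."""
    mean = statistics.mean(daily_failure_counts)
    spread = statistics.stdev(daily_failure_counts)
    return math.ceil(mean + sigmas * spread)


if __name__ == "__main__":
    evts = normalize(SSHD_LOG, FW_LOG)
    for inc in correlate(evts):
        print(inc)
    # Constructed history of daily failure counts for one host.
    print("suggested threshold:", tune_threshold([3, 5, 4, 6, 5, 5, 7]))
```

The normalization step is where most real SIEM effort goes: every source arrives in its own format and time convention (note the year-less syslog timestamp), and correlation is only possible once fields such as source address and outcome share one name and meaning across sources.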

A SIEM is delivered as software, appliances or services, and is also used for log retention and reporting, including for compliance purposes, alongside other business data.

The term security information and event management (SIEM) was introduced by Mark Nicolett and Amrit Williams of Gartner in 2005. It describes the capability to collect, analyze and present information from network and security devices; identity and access management applications (credential management); security policy enforcement and vulnerability tracking tools; operating system, database and application logs; and external threat intelligence. A key focus is monitoring changes to user and service privileges, directory services and other configuration, together with audit and log review and incident response.

I carry out the installation, configuration and maintenance of SIEM systems, monitoring systems, intrusion detection and prevention systems, firewalls, VPN services, risk management systems and other information security systems. I implement information security standards: NIST, SCAP, PCI DSS, GDPR, ISO 27001 and others.
