Logging of security events and information from many devices and processes into one place; can aggregate and log the different types of data that the security administrator is constantly watching
Protocol that allows synchronization of all the different device clocks
Vendor-neutral standard for message logging; allows transfer of logs between very different devices
Write-once technology on which logs are stored to prevent them from ever being changed (DVD-R is an example)
What the SIEM does to filter out noise and focus only on the events that matter
Procedures, processes, and tools combined to stop leakage of valuable or sensitive information; looks for certain types of information in messages being sent, etc.
Think of the DoD worm that was introduced in 2008 as an example; can use GPO to cheaply prevent it
Every bit and byte going over the cloud is analyzed; can provide URL blocking, malware prevention, etc.
The biggest source of information leaks, so every inbound and every outbound message is analyzed and filtered for certain keywords, etc.