The acronyms SEM, SIM and SIEM have sometimes been used interchangeably, according to Wikipedia. The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is known as security event management (SEM). The second area, known as security information management (SIM), provides long-term storage as well as analysis, manipulation and reporting of log data and security records of the type collated by SEM software. As with many meanings and definitions of capabilities, evolving requirements continually shape derivatives of SIEM product categories. Organizations are turning to big data platforms, such as Apache Hadoop, to complement SIEM capabilities by extending data storage capacity and analytic flexibility.
The term security information event management (SIEM), coined by Mark Nicolett and Amrit Williams of Gartner in 2005, describes the product capabilities of gathering, analyzing and presenting information from:
- network and security devices
- identity and access-management applications
- vulnerability management and policy-compliance tools
- operating-system, database and application logs
- external threat data
TXEcoSystem is designed to provide complete protection against zero-day attacks targeted at endpoint systems and datacenter servers, without requiring any patching. When the IPS detects a rule violation, it sends the alerts to the TXEcoSystem instead of reporting them to the dashboard, which can lead to an overwhelming number of alerts. TXEcoSystem will also automatically conduct threat investigations and report if there have been any early attack activities.
- TXEcoSystem is designed with an integration concept in mind. Its flexible deployment options and friendly RESTful API interfaces make integration an easy task.
- TXEcoSystem is built to automatically perform attack incident investigations in order to detect the earliest and the least obvious indicators of an attack.
- Once an early attack indicator is detected, the TXEcoSystem agent will block the attack when the actual attack is launched.
- TXEcoSystem will perform a real-time pen test to determine if the same weakness exists in other network systems.
- TXEcoSystem automatically learns from detected attack behavior and updates its internal rules in order to improve its detection and analysis engines.