Cyber Crime Investigations

Enterprise security management (ESM) is a general term that has been applied to security event monitoring and analysis software. Plenty of acronyms have been thrown around over the years to describe these solutions, such as:
  SIM: Security Information Management
  SEM: Security Event Management
  SIEM: Security Information and Event Management
  And many others
Regardless of the acronym, the focus of ESM solutions is to allow an analyst to monitor an organization's infrastructure in real time regardless of product, vendor and version. The vendor-agnostic approach helps simplify tasks related to analysis, reporting, response and other facets of event monitoring. ESMs have traditionally been applied to IT security, insider threats and compliance, but their extensibility has stretched far beyond these areas in the last few years to include a wider set of solutions. However, it all starts by first collecting events. These events can come from any number of sources, including:
Traditional Security Products
  Firewalls
  Intrusion Detection and Prevention Systems
  VPNs
  Anti-virus
  Identity Management Systems
Network Devices
  Routers
  Switches
  Wireless Access Points (WAP)
Mainframe, Server and Workstation Information
  Operating Systems
  Applications
Physical Security Solutions
  Badge Readers
  Video Cameras
  Heating, Ventilation and Air Conditioning (HVAC)
Various Others
  Vulnerability Scanners
  Policy Managers
  Asset Managers
  Proprietary and Legacy Solutions
  Mobile Devices
  Telephony Systems
  RFID
  Point of Sale (POS) Systems
  GPS
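
The following Python example is added here and is not from the original text. It normalizes events from three of the source types listed above (a badge reader, a VPN and a firewall) into one common schema, then runs a single vendor-independent rule across them. The log formats, field names and the 30-minute window are constructed assumptions, not any real product's output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in three made-up vendor formats (not real product output).
RAW_EVENTS = [
    ("badge", "2024-05-01T09:00:03Z,door-7,jdoe,GRANTED"),
    ("vpn", "time=2024-05-01T09:02:11Z device=vpn01 user=jdoe result=success src=198.51.100.7"),
    ("firewall", "2024-05-01T09:05:40Z fw01 DENY 10.0.0.5 -> 203.0.113.9:22"),
    ("vpn", "time=2024-05-01T13:30:00Z device=vpn01 user=asmith result=success src=192.0.2.44"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def normalize(source_type, line):
    """Map one vendor-specific line onto a common event schema (hypothetical field names)."""
    event = {"source": source_type, "user": None, "src_ip": None}
    if source_type == "badge":
        when, device, user, result = line.split(",")
        event.update(time=_ts(when), device=device, user=user,
                     action="physical_entry", outcome=result.lower())
    elif source_type == "vpn":
        kv = dict(pair.split("=", 1) for pair in line.split())
        event.update(time=_ts(kv["time"]), device=kv["device"], user=kv["user"],
                     action="remote_login", outcome=kv["result"], src_ip=kv["src"])
    elif source_type == "firewall":
        m = re.match(r"(\S+) (\S+) (\w+) (\S+) -> (\S+):(\d+)$", line)
        if m is None:
            raise ValueError(f"unparseable firewall line: {line!r}")
        event.update(time=_ts(m[1]), device=m[2], action="connection",
                     outcome=m[3].lower(), src_ip=m[4])
    else:
        raise ValueError(f"no parser for source type {source_type!r}")
    return event

def onsite_remote_conflicts(events, window=timedelta(minutes=30)):
    """Flag remote VPN logins by a user who badged in on site up to `window` earlier."""
    entries = [e for e in events if e["action"] == "physical_entry" and e["outcome"] == "granted"]
    logins = [e for e in events if e["action"] == "remote_login" and e["outcome"] == "success"]
    return [(b, v) for b in entries for v in logins
            if b["user"] == v["user"] and timedelta(0) <= v["time"] - b["time"] <= window]

EVENTS = sorted((normalize(s, l) for s, l in RAW_EVENTS), key=lambda e: e["time"])

if __name__ == "__main__":
    for badge, vpn in onsite_remote_conflicts(EVENTS):
        print(f"{vpn['user']}: badge at {badge['device']} {badge['time']}, "
              f"then VPN login from {vpn['src_ip']} at {vpn['time']}")
```

Because the rule reads only the normalized fields, adding a new badge or VPN vendor means writing one more parser branch, not changing the detection logic.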