From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Security information and event management

- [Instructor] Now you know that log files are an important security control because they allow IT professionals to detect suspicious activity taking place on their systems, networks and applications. However, if you're like most security professionals, you simply don't have the time to do a thorough job of reviewing those detailed logs. There are just far too many log entries generated by systems every day, and trudging through them would be tedious, mind-numbing work. Fortunately for us, computers are very good at tedious work, and most organizations now go beyond the simple reporting and alerting mechanisms that I discussed in the last video and apply artificial intelligence approaches to the problem of security log analysis. Security Information and Event Management, or SIEM, systems have two major functions on an enterprise network. First, they act as a central, secure collection point for log entries from a…
