Security information and event management (SIEM) is key to robust data security. A centralized means of collecting events and alerts, SIEM aggregates and analyzes data from multiple systems to identify anomalous behavior and flag potential threats.
Agencies can use SIEM along with security orchestration, automation and response (SOAR) to manage varied inputs and apply multiple controls.
SIEM offers key capabilities in support of state and local modernization efforts. As state and local agencies migrate to cloud environments, they need new tools to better manage cybersecurity.
“Most agencies have now adopted some form of multicloud strategy. Where is that data being generated? What network is it coming over, what service is being delivered, and who's asking for the service?” says Bill Rowan, vice president of public sector at Splunk. “SIEM is collecting that data and applying real-time analytics.”
This helps agencies bring their protections up to current standards, giving state and local governments “the same solutions that are used at the biggest enterprises in the world, whether you’re talking about banking, finance, healthcare or logistics,” Rowan says.
SIEM can also help state and local IT teams be more consistent as they seek to secure disaggregated IT deployments.