Security Information and Event Management (SIEM) is about looking at the security of your IT landscape through a larger lens than can be provided by single security controls or information sources. For example:

  • Your Asset Management system only sees applications, business processes and administrative contacts.
  • Your Network Intrusion Detection system (IDS) only understands Packets, Protocols, and IP Addresses
  • Your Endpoint Security system only sees files, usernames, and hosts
  • Your Service Logs show user sessions, transactions in databases and configuration changes
  • File Integrity Monitoring (FIM) systems only see changes in files and registry settings

None of these technologies, by themselves, can tell you what is happening to your IT landscape and your business. Hence, the great interest in SIEM, in companies of all sizes.

SIEM is essentially a management layer above your existing systems and security controls. SIEM connects and unifies information from disparate systems, allowing them to be analyzed and cross-referenced from a single interface.

SIEM gathers IT related security information in an automated way, combines and analyses it, to achieve timely insight and to be able to react proactively on activities that might have a negative impact on the integrity, confidentiality and availability of data and IT assets.


SIEM uses existing logging- and monitoring facilities or provides its agents to capture the information. It combines this information and reports on the security status of the IT landscape as well as on security related activities.

SIEM monitors the IT landscape continuously and almost in real time. It is used for the automated monitoring of systems, applications, databases, networks

  • to detect abuse in an early stage
  • to have a continuous overview of the compliance with internal or external requirements
  • to support the investigation of incidents with log data analysis

The real power of SIEM is in the combination of log data from different sources:

  • network,
  • databases/middleware,
  • operating systems,
  • applications.

On each of these technology layers security related events can happen. SIEM aggregates and correlates this data.

SIEM solutions enable organizations to analyse large amounts of log data at any moment for security reasons. Most SIEMs also provide standard compliancy reports for different compliancy regulations. This information helps auditors to have a more complete and timelier picture of the compliancy status of their IT landscape.


SIEM is not only about Technology, People and Process; it’s an essential part of your risk management and security strategy.

Compliancy requirements focus your security on those IT systems which require special attention from a regulatory perspective. Your organisational risks provide another perspective on which IT systems are most relevant to include in your SIEM implementation.

SIEM systems have the flexibility to be adapted to the focus of an organisation! The risk profile and risk tolerance of organisations can be quite different. This can result in a SIEM solution of a smaller scale, but also in a SIEM implementation as part of a larger security program.

Not only the risk profile and the risk tolerance of an organization can change over time.

IT systems also change, are replaced or phased out. Your logging aggregation and correlation needs to follow the changes in your environment. Your SIEM product will need updates, upgrades, and patches. Compliancy rules change, reporting needs to be adjusted over time.

Therefore, it is important to evaluate your SIEM implementation periodically.

SIEM requires the application of use cases or threat detection rules. Each organisation has different sources of data and events.

SIEM platforms include a standard set of out of the box, pre-defined rules and use cases. Each rule evaluates the data ingested and raises an alert when a potentially malicious pattern of events is identified. Alerts are reviewed by an organisation’s in-house or outsourced security team and, in some cases, are used to trigger automated responses.

It’s all too easy to assume that investing in an out of the box SIEM means that the use cases it comes with are set up to work immediately. the reality is that tuning, and configuration is required to ensure that they perform effectively.


The reasons you would need a Managed Security Monitoring service like SecureNow are:

  • More time and resources are freed up to focus on your business
  • You have access to expertise and tools
  • We share expertise over different customers
  • We provide flexible service models adapted to your needs and budget

Service Integrators provides an affordable alternative to in-house SIEM, with Security Operations Services tailored to your needs.

Our Managed Security Monitoring service comprises the technical platform, processes, and security analysis services. The SIEM monitoring system collects, correlates, and analyses the log data from your IT or OT environment. Security Use Cases based on international and/or customized standards generate alerts. Those alerts will be analyzed by security specialists in our Security Operations Center. You will be informed about what actions to take and we will assist you to solve incidents as soon as possible.

We deliver our SIEM as a Service based on the Elastic Stack, so that you only need to consume the SIEM capabilities and integrate them into your IT operations.

Depending on your security maturity you can start small and gradually expand the surface you want to monitor and protect.

Our services include:

  • Log consolidation, normalisation, and intelligent filtering so that the output is ready for your or our security analysts
  • Log management for the logs that are generated and consumed by the SIEM
  • SIEM infrastructure, either on premise or in the cloud
  • Constant update of rulesets from trusted resources and tailored to your objectives
  • All Security Operations Services tailored to your needs and budget