Abstract
Security protection technologies and products for business systems are by now very comprehensive, including firewalls, IDS, host protection, antivirus, VPN and so on, but because they are poorly integrated they easily form isolated security islands. If all of these technologies and products are brought under security information and event management (SIEM), this not only integrates them but also meets the needs of day-to-day enterprise management, such as security risk assessment policies, antivirus policies, security asset management, and security incident handling procedures. This article focuses on how to build and design a highly efficient SIEM.
Author
GAO Wei (高伟), Information Department, Local Taxation Bureau, Xi'an 710002, China
Source
Computer Knowledge and Technology (《电脑知识与技术》)
2015, Issue 3, pp. 36-38 (3 pages)