Alphabet Soup: Deciphering SIEM and 23 More Pieces of Security Jargon

alphabetsoupSIEMIn the past decade, Security Information and Event Management (SIEM) has emerged as one of the most essential tools in IT security. In 2016, SIEM is a mature market, and a mainstay in enterprise security, but that doesn’t mean that dealing with SIEM and security analytics solutions has gotten any easier over the past decade.

SIEM has a reputation as a complex and convoluted product, and those complications often start with the most basic roadblock: jargon.

There is a seemingly endless torrent of terminology surrounding information security, and the acronyms just keep piling up—first there was SIM and SEM, now we have SIEM. CmDb, DLP, DPI—it can all get a little dizzying. Worst of all, you can hardly find an explanation that doesn’t reference another half dozen ciphered terms.

SIEM may be keeping security from drowning in event data but it’s burying them in acronyms.

Here at Solutions Review, we do our best to provide IT professionals with the top information security best practices, news and buyer’s guides, so to help you out we’ve defined a few of the top SIEM terms and acronyms, including SIEM itself.

We hope you find the following 24 definitions useful.

PS. Keep your eyes peeled for our forthcoming full SIEM glossary, with over 50 terms defined and organized in an easy-to-navigate format.


Those of you looking for a more in-depth breakdown of the SIEM market may also be interested in the following resources:

Compare the capabilities of the top SIEM vendors with Gartner’s 2015-2016 SIEM Critical Capabilities Report. Get your copy here.

Looking for a straight forward, side-by-side look at what each SIEM solution provides? Check out the new 2016 Solutions Review SIEM Buyer’s Guide to get a little more background information on today’s top 24 SIEM providers.


An advanced persistent threat (APT) is a type of network attack in which an unauthorized entity gains access to a network and stays there,undetected, for an extended amount of time. Usually, the perpetrator of an APT wants to escalate their own privileges in order to steal data, rather than damaging the network, which would likely blow their cover..

Big Data is a broad term used to describe unconventional data sets which are either too large or too complex to be dealt with using traditional data-processing techniques.

Compliance – In IT and data storage terminology, compliance refers to organizational compliance with government regulations regarding data storage and management and other IT processes.

A Configuration Management Database (CmDb) is a database containing all necessary information about an organization’s IT systems, the components of those systems, and their relationships. In the context of a CmDb, all components of an IT system (software, hardware, personnel, etc.) are referred to as configuration items (CI), and are tracked by a configuration management process.

Data Migration is the process of moving data between two or more storage systems, data formats, warehouses or servers.

A Database is an organized collection of data.

Data Loss Prevention (DLP) products are tools that help network administrators prevent data loss (duh) by controlling which data end users may transfer.

Deep Packet Inspection (DPI) is a network packet filtering process that examines data contained in a packet for non-compliance, viruses, malware, or other unwanted components.

Encryption is the process of transforming data into an unintelligible form so the original data either cannot be obtained or can be obtained only by using a decryption process.

Flow – A single transmission of data passing over a link during a conversation.

A flow log Is a collection of flow records.

Flow sources  are the origins from which flow is captured. A flow source is classified as internal when flow comes from hardware installed on a managed host or it is classified as external when the flow is sent to a flow collector.

A gateway is a device or program used to connect networks or systems with different network architectures.

Incident response is an organizational approach to addressing and managing the aftermath of a  breach or attack (AKA an incident). An Incident Response Plan aims to limit damages incurred by an incident and bring down recovery time and costs.

Infrastructure – Information technology (IT) infrastructure is a combined set of hardware and virtual resources that support an overall IT environment.

Log files are files that record either events that occur in an operating system or software, or messages occurring on communication software. For example, when a failed login to an E-mail system occurs, a log file is created to record that even.

Logging is the act of keeping a log for an extended period of time.

Log aggregation is the practice of collecting log data in a centralized location where it can be analyzed more effectively.

Log management is the workflow, devices, procedures, policies and other systems in place governing the collection, aggregation, and analysis of network log data.

Log Source is either the security equipment or the network equipment from which an event log originates.

Security Information and Event Management, or SIEM (pronounced ‘sim’ as in SIMcard, or SimCity) is a term for software and services that combine security information management (SIM) tools, which are geared towards log collection and report generation, with security event management (SEM) tools, which focus on real-time event analytics, correlation, and alerting. SIEM solutions are complex systems that help organizations decrease the impact of advanced cyber attacks by proactively monitoring the network for irregular activity in real-time.

Security Event Management (SEM) solutions are software tools that centralize storage and interpretation of logs and events generated on a network. SEM is the real-time event monitoring, correlation, and notifications that most compliance regulations want you to have.

Security Information Management (SIM) solutions are tools that automate the collection, monitoring, and analysis of security-related data from computer logs.

User Behavior Analytics (UBA) is defined by Gartner, as a cyber security process aimed at the detection of insider threats, targeted attacks, and financial fraud via the analysis of patterns of human behavior. UBA solutions analysis large volumes of data about users on a network and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns, which could alert administrators to an imminent threat.

Jeff Edwards
Follow Jeff

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff

Leave a Reply

Your email address will not be published. Required fields are marked *