{"id":2375,"date":"2018-12-28T11:00:01","date_gmt":"2018-12-28T15:00:01","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=2375"},"modified":"2018-12-21T11:25:31","modified_gmt":"2018-12-21T15:25:31","slug":"what-is-contextualization-in-siem","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/","title":{"rendered":"What is Contextualization in SIEM?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2173\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg\" alt=\"What is Contextualization in SIEM?\" width=\"800\" height=\"433\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD-300x162.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD-768x416.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD-499x270.jpg 499w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD-150x81.jpg 150w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD-333x180.jpg 333w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Security event alerts serve as a key component to any enterprise\u2019s SIEM solution; these alert (appropriately enough) your IT security team to the security events and correlations indicative of a threat on your network. 
When used in conjunction with log management and threat detection, security alerts significantly improve visibility into your enterprise network. \u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, your <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/top-solutions-review-siem-articles-2018\/\" target=\"_blank\" rel=\"noopener\">SIEM<\/a>\u2019s alerting system can prove a double-edged sword: even the most advanced next-generation <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/top-6-siem-vendors-to-watch-in-2019-solutions-review\/\" target=\"_blank\" rel=\"noopener\">SIEM<\/a> solution can and does create false positives\u2014alerts which mistake everyday activity or an innocent mistake for a potential security incident. These false positive alerts can stretch your IT security resources and talent thin. In turn, they can increase the burnout rates in often dangerously understaffed cybersecurity departments. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Compounding the dangers of false positives, legitimate security alerts often end up buried under the false positive alerts. 
This allows the former to dwell and thus cause additional damage as IT security teams investigate the false positives or neglect the alerts altogether due to burnout. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The solution to this problem, thankfully, lies in another <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/whats-changed-gartner-2018-siem-magic-quadrant\/\" target=\"_blank\" rel=\"noopener\">SIEM<\/a> key capability: contextualization. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>What is Contextualization? <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Contextualization, especially real-time contextualization, as a capability takes care of some of the investigative legwork of analyzing security alerts as they are generated. It can provide IT security teams with relevant supplemental information associated with the security alerts. This can include the users involved, their enterprise departments, the location of their activity geographically and on the network, and the time of their suspicious activity. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">With this information correlating the threat with real-world activity, your IT security team can understand security alerts in greater depth and thus pursue the incidents in a much more streamlined and focused fashion rather than haphazardly chasing every lead. It also allows them to detect and remediate threats faster than ever before. 
\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In some senses, you can think of contextualization as an extension of <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/5-questions-ueba-samir-jain-of-logrhythm\/\" target=\"_blank\" rel=\"noopener\">UEBA<\/a> capabilities, as the SIEM solution analyzes user and entity behavior to recognize malicious activity and validate security alerts before your IT security team sees them. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As with any technology, contextualization is not perfect; you will still need an energetic and engaged security team to make sure your cybersecurity platform functions optimally and knows what behaviors are considered suspicious. However, contextualization can alleviate some of the burdens on them and free them to more actively pursue digital threats. \u00a0\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Where Can I Get Contextualization for My SIEM?<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Legacy SIEM solutions won\u2019t offer the threat detection, security event correlation, alerting or contextualization your enterprise needs. Without these capabilities working in tandem and as part of a comprehensive cybersecurity platform, your enterprise will be woefully underprepared to face modern digital threats like fileless malware and advanced persistent threats. As a first step, your enterprise should select and deploy a next-generation SIEM solution, working with your security team to ensure its optimal performance. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">And as you make your selection, evaluate each solution\u2019s alerting system. Does it offer the contextualization you\u2019ll need to keep the security alerts from overwhelming your security professionals? What information does it draw upon for its contextualization? 
And what information does your team need to make the best decisions?<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">With this information in hand, selecting the right SIEM solution should be a snap. \u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security event alerts serve as a key component to any enterprise\u2019s SIEM solution; these alert (appropriately enough) your IT security team to the security events and correlations indicative of a threat on your network. When used in conjunction with log management and threat detection, security alerts significantly improve visibility into your enterprise network. \u00a0\u00a0 However, [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2173,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551],"tags":[353,95,212,21,57,22,280],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What is Contextualization in SIEM? Solutions Review Answers!<\/title>\n<meta name=\"description\" content=\"What is contextualization? How can it help your IT security team sort through the myriad alerts generated by your SIEM solution?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is Contextualization in SIEM? 
Solutions Review Answers!\" \/>\n<meta property=\"og:description\" content=\"What is contextualization? How can it help your IT security team sort throught the myriad alerts generated by your SIEM solution?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-28T15:00:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-12-21T15:25:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"433\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/\",\"name\":\"What is Contextualization in SIEM? 
Solutions Review Answers!\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg\",\"datePublished\":\"2018-12-28T15:00:01+00:00\",\"dateModified\":\"2018-12-21T15:25:31+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"What is contextualization? How can it help your IT security team sort throught the myriad alerts generated by your SIEM solution?\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg\",\"width\":800,\"height\":433,\"caption\":\"SecureLink and Ponemon: Crisis in Third-Party Remote Access 
Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is Contextualization in SIEM?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. 
He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is Contextualization in SIEM? Solutions Review Answers!","description":"What is contextualization? How can it help your IT security team sort through the myriad alerts generated by your SIEM solution?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/","og_locale":"en_US","og_type":"article","og_title":"What is Contextualization in SIEM? Solutions Review Answers!","og_description":"What is contextualization? How can it help your IT security team sort through the myriad alerts generated by your SIEM solution?","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2018-12-28T15:00:01+00:00","article_modified_time":"2018-12-21T15:25:31+00:00","og_image":[{"width":800,"height":433,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/","name":"What is Contextualization in SIEM? 
Solutions Review Answers!","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg","datePublished":"2018-12-28T15:00:01+00:00","dateModified":"2018-12-21T15:25:31+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"What is contextualization? How can it help your IT security team sort through the myriad alerts generated by your SIEM solution?","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/09\/Mechanical-Eye-MOD.jpg","width":800,"height":433,"caption":"SecureLink and Ponemon: Crisis in Third-Party Remote Access 
Security"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-is-contextualization-in-siem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"What is Contextualization in SIEM?"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/2375"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=2375"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/2375\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2173"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=2375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=2375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=2375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}