A Security Event Manager (SEM) is a software program that is used to analyze logs of events on a computer network in order to find actions that may present a security risk. These actions are separated from other events, and then made available for security professionals to act upon appropriately. The use of this type of software allows Information Technology (IT) professionals to more quickly identify and act upon potential threats to a network. There are a number of different programs that have been developed as a security event manager, though most of them function in fairly similar ways.
Sometimes called a security information manager or a security information and event manager, these programs are typically automated systems that can be used in a number of different ways. In general, a security event manager is installed on a computer system, such as a network, and monitors activities on that system. These programs specifically monitor the logs produced by events that occur during basic operation of the network. A log is a record of activity on a system, and actions such as someone logging into the system, a user providing an incorrect password, and data being received can all create events on that record.
The security event manager software monitors the data collected by these logs and looks for specific types of events. These are then recorded by the manager and sent along to administrators and information technology or IT security professionals authorized to access the system. This allows someone to see information regarding potential security threats against a network much more quickly, rather than reviewing all of the information recorded on activity logs. The use of a security event manager is not strictly required for a secure network, but it can certainly make detecting potential attacks or internal issues much easier.
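The filtering step described above can be sketched in a few lines of Python. This is an added example, not code from any particular SEM product: the log line format, the event type names (LOGIN_OK, LOGIN_FAILED, DATA_RECEIVED), the sample log and the alert threshold are all assumptions made up for illustration.

```python
import re
from collections import Counter

# Constructed sample log (not from a real system). Assumed line format:
# "<ISO timestamp> <EVENT_TYPE> key=value ..."
SAMPLE_LOG = """\
2024-05-01T09:00:01 LOGIN_OK user=alice src=10.0.0.5
2024-05-01T09:00:07 DATA_RECEIVED bytes=5120 src=10.0.0.5
2024-05-01T09:01:12 LOGIN_FAILED user=bob src=10.0.0.9
2024-05-01T09:01:15 LOGIN_FAILED user=bob src=10.0.0.9
2024-05-01T09:01:19 LOGIN_FAILED user=bob src=10.0.0.9
2024-05-01T09:02:30 LOGIN_FAILED user=carol src=10.0.0.7
2024-05-01T09:02:41 LOGIN_OK user=carol src=10.0.0.7
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) ([A-Z_]+)((?: \w+=\S+)*)$")
SECURITY_EVENTS = {"LOGIN_FAILED"}  # event types separated out for review
FAILED_LOGIN_THRESHOLD = 3          # assumed alerting threshold

def parse_line(line):
    """Turn one log line into a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split())
    return {"time": m.group(1), "type": m.group(2), **fields}

def triage(log_text):
    """Separate security-relevant events and build alerts for administrators."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    flagged = [e for e in events if e["type"] in SECURITY_EVENTS]
    # Count failed logins per (user, source) pair.
    failures = Counter((e.get("user", "?"), e.get("src", "?")) for e in flagged)
    alerts = [
        {"user": user, "src": src, "failed_logins": count}
        for (user, src), count in sorted(failures.items())
        if count >= FAILED_LOGIN_THRESHOLD
    ]
    return flagged, alerts

if __name__ == "__main__":
    flagged, alerts = triage(SAMPLE_LOG)
    print(f"{len(flagged)} security-relevant events separated from the log")
    for alert in alerts:
        print("ALERT:", alert)
```

A single mistyped password (carol) is recorded but raises no alert, while the repeated failures for one account from one address (bob) are forwarded for review.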
One of the major flaws of a security event manager within network security, however, is that it can only detect attacks or unusual activity once they have occurred. This means that such programs are not typically effective as deterrents or as ways to protect a system against an attack. Most IT professionals use methods such as firewalls and ongoing penetration testing of a network to look for weaknesses that someone might use to attack that system. This allows them to ensure the network is secure, while using a security event manager to look for flaws they may have missed, or to find potential compromises within the system. These SEM programs typically have to be updated regularly, however, since hackers may be able to develop new forms of attack that bypass detection.