Security Information and Event Management

The Security Information and Event Management (SIEM) system provides analysis of security alerts generated by security devices such as firewall, applications and network hardware. It continuously monitors and detects any potential modern attacks, such as advanced persistent threats and insider threats at CityU. With the use of multiple collectors, event categorisation, event normalisation and correlation of events from disparate system, the SIEM can effectively and quickly identify critical event or security incident.  In addition, the SIEM can provide a single dashboard to display the security alarm as well as service and standard compliance status.  All these benefits will ensure a better IT service and security management.