Question

What’s the difference between SEM, SIM and SIEM?

Answer
By Justin Stoltzfus | Last updated: July 12, 2021

SEM, SIM and SIEM name three very similar yet distinct types of processes, so the acronyms tend to get confused, particularly by those who are relatively unfamiliar with security processes.

At the core of the issue is the similarity between security event management or SEM, and security information management or SIM.

Both involve collecting security log information or other similar data, either for long-term storage or to analyze the security environment of a network.

The key difference is that in security information management, the technology is simply collecting information from a log, which may consist of various types of data. In security event management, the technology is looking more closely at specific types of events. For instance, experts often cite a "superuser event" as something that security event management technology would be looking out for. You may imagine technologies specifically designed to look for suspicious authentications, account logons or high-level management access at specific times of the day or night.

The acronym SIEM or security information event management refers to technologies with some combination of security information management and security event management. Because the two are already very similar, the broader umbrella term can be useful in describing modern security tools and resources. The key is to differentiate the event monitoring from the general information monitoring. Another way to distinguish the two is to look at security information management as a kind of long-term or broader process, where more diverse data sets may be analyzed in more methodical ways. Security event management, by contrast, looks at the specific types of user events that may constitute red flags or tell administrators specific things about network activity.
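As an added example (not part of the original answer), the Python below runs both views over the same constructed log lines: the SIM function stores every parseable record regardless of type, while the SEM function picks out only superuser events that succeed outside business hours. The key=value log format, the field and action names, and the 08:00 to 18:00 window are assumptions made for this example.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log lines; the key=value format is an assumption for this example.
SAMPLE_LOG = """\
2021-07-12T09:05:11 host=web01 src=sshd user=alice action=login result=success
2021-07-12T09:17:40 host=web01 src=nginx user=- action=http_get result=200
2021-07-12T13:02:03 host=db01 src=sudo user=bob action=sudo_root result=success
2021-07-12T02:14:09 host=db01 src=sshd user=root action=login result=success
2021-07-12T02:15:30 host=db01 src=sudo user=carol action=sudo_root result=success
2021-07-12T02:16:01 host=fw01 src=firewall user=- action=conn_drop result=blocked
malformed line without fields
"""
BUSINESS_HOURS = range(8, 18)                  # 08:00-17:59, assumed policy
SUPERUSER_ACTIONS = {"sudo_root", "su_root"}   # hypothetical action names

def parse_line(line):
    """Turn one log line into a dict, or None if the timestamp does not parse."""
    ts, _, rest = line.partition(" ")
    try:
        record = {"time": datetime.fromisoformat(ts)}
    except ValueError:
        return None
    for field in rest.split():
        key, sep, value = field.partition("=")
        if sep:
            record[key] = value
    return record

def sim_collect(text):
    """SIM view: keep every parseable record, whatever its source, for later analysis."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return records, Counter(r.get("src", "unknown") for r in records)

def is_superuser_event(r):
    return r.get("action") in SUPERUSER_ACTIONS or (
        r.get("user") == "root" and r.get("action") == "login")

def sem_alerts(records):
    """SEM view: only successful superuser events outside business hours."""
    return [r for r in records
            if is_superuser_event(r) and r.get("result") == "success"
            and r["time"].hour not in BUSINESS_HOURS]

if __name__ == "__main__":
    records, by_source = sim_collect(SAMPLE_LOG)
    print("SIM stored", len(records), "records:", dict(by_source))
    for r in sem_alerts(records):
        print("SEM alert:", r["time"].isoformat(), r["host"], r["user"], r["action"])
```

A SIEM product combines both roles: the stored records remain available for broader analysis, while the event rules run against them as they arrive.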

Tags

Cybersecurity Information Assurance

Written by Justin Stoltzfus | Contributor, Reviewer

Justin Stoltzfus is a freelance writer for various Web and print publications. His work has appeared in online magazines including Preservation Online, a project of the National Historic Trust, and many other venues.
