Security Information and Event Management (SIEM) software collects data from the different technologies within your system, monitors and analyses that data for deviations and possible security risks, and then takes the appropriate action against those threats. SIEM was conceived to monitor entire IT networks and watch for anomalous activity or unusual behavior affecting an organization's internal or external systems.
Akamai’s SIEM Integration Solution integrates third-party Security Information and Event Management (SIEM) applications with Akamai Security Business Unit solutions including Kona Site Defender, Bot Manager, Client Reputation, and Web Application Protector. This solution lets customers choose security configurations and firewall policies that capture and filter security events based on an attack category.
Cloud Security customers can leverage pre-built connectors with Splunk, HP ArcSight, IBM QRadar, and Intel McAfee SIEM applications. They can also develop their own custom connector for specific SIEM solutions. The SIEM connector uses an Akamai API to pull security events data into the SIEM application securely and in real time.
Use on-premise and cloud-based SIEM tools like Splunk, QRadar, ArcSight, and more. You can control and protect the data feed with:
- Event filtering. You can filter the security events to collect in your SIEM by security configuration and security policy, which helps you focus on real threats.
- Data retention. The Collector stores security events data for 12 hours, so you can go back in time to capture missed events, if necessary.
- SIEM overload protection. In your SIEM connector, you can define the maximum number of security events fetched in each request to avoid overloading the SIEM application.
- Fetch interval. You can define how often the SIEM connector calls the SIEM API to fetch security events data.
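
The retention window, per-request event limit and fetch interval listed above interact whenever a connector falls behind or is offline. The following simulation is an added example, not Akamai code: the function name, event rate, limit and interval values are constructed, and the model assumes a constant event rate and oldest-first delivery.

```python
from collections import deque

RETENTION_S = 12 * 3600  # retention window stated on the page (12 hours)

def simulate(rate_per_s, limit, interval_s, outage_s, horizon_s):
    """Model a connector that is offline for outage_s seconds, then polls
    every interval_s seconds fetching at most `limit` events per request.

    Returns (lost_events, caught_up_at): events that aged out of the
    retention window before being fetched, and the first time (seconds)
    the backlog was fully drained, or None if it never was.
    All inputs are constructed planning values, not product defaults.
    """
    backlog = deque()              # [arrival_time, count] buckets, oldest first
    lost, caught_up_at = 0, None
    for t in range(interval_s, horizon_s + 1, interval_s):
        backlog.append([t, rate_per_s * interval_s])
        # Events older than the retention window are no longer retrievable.
        while backlog and t - backlog[0][0] > RETENTION_S:
            lost += backlog.popleft()[1]
        if t <= outage_s:
            continue               # connector is down, nothing is fetched
        budget = limit             # overload protection: cap per request
        while backlog and budget > 0:
            take = min(budget, backlog[0][1])
            backlog[0][1] -= take
            budget -= take
            if backlog[0][1] == 0:
                backlog.popleft()
        if caught_up_at is None and not backlog:
            caught_up_at = t
    return lost, caught_up_at

if __name__ == "__main__":
    two_days = 48 * 3600
    for label, limit, outage_h in [("6 h outage", 1000, 6),
                                   ("14 h outage", 1000, 14),
                                   ("limit below event rate", 500, 0)]:
        lost, done = simulate(10, limit, 60, outage_h * 3600, two_days)
        when = f"{done / 3600:.1f} h" if done is not None else "never"
        print(f"{label}: lost={lost} events, caught up at {when}")
```

An outage shorter than the retention window loses nothing but takes hours to drain at a tight limit, an outage longer than the window loses the oldest events, and a limit below the per-interval event volume never catches up.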