Answer:
b. SIEM.
Explanation:
In this scenario, an organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. The solution the engineer should recommend is a security information and event management (SIEM) system.
Security information and event management is enterprise software that analyzes activity from various resources and provides a holistic view across an entire information technology (IT) infrastructure.
A SIEM aggregates important data from multiple sources, such as servers, routers, firewalls, switches, domain controllers, and antivirus software, and analyzes that data to detect threats and deviations from the norm and to support investigation so that appropriate action can be taken. Examples of SIEM systems include IBM QRadar, Splunk, and LogRhythm.
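The aggregate-then-analyze flow described above, as an added example that is not part of the original answer and is not how any named product works internally. The log formats, field names, baseline figures, and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events, one line format per source type (not real logs).
RAW_EVENTS = [
    ("firewall", "DENY src=10.0.0.7 dst=10.0.1.5 dport=22"),
    ("firewall", "DENY src=10.0.0.7 dst=10.0.1.6 dport=22"),
    ("firewall", "ALLOW src=10.0.0.9 dst=10.0.1.5 dport=443"),
    ("domain_controller", "logon_failure user=alice ip=10.0.0.7"),
    ("domain_controller", "logon_failure user=bob ip=10.0.0.7"),
    ("domain_controller", "logon_failure user=carol ip=10.0.0.9"),
    ("domain_controller", "logon_success user=carol ip=10.0.0.9"),
    ("antivirus", "detection host=10.0.0.7 verdict=blocked"),
    ("router", "line in a format no parser covers"),
]
# Constructed baseline: bad-event counts per IP in four earlier windows.
BASELINE = {"10.0.0.7": [1, 0, 2, 1], "10.0.0.9": [1, 2, 0, 1]}

# One pattern per source; each yields the same two fields: outcome and ip.
PARSERS = {
    "firewall": re.compile(r"^(?P<outcome>DENY|ALLOW) src=(?P<ip>\S+)"),
    "domain_controller": re.compile(r"^(?P<outcome>logon_\w+) user=\S+ ip=(?P<ip>\S+)"),
    "antivirus": re.compile(r"^(?P<outcome>detection) host=(?P<ip>\S+)"),
}
BAD_OUTCOMES = {"DENY", "logon_failure", "detection"}

def normalize(source, line):
    """Map a source-specific line to a common schema, or None if unparsed."""
    pattern = PARSERS.get(source)
    match = pattern.match(line) if pattern else None
    if not match:
        return None
    return {"source": source, "ip": match["ip"], "bad": match["outcome"] in BAD_OUTCOMES}

def flag_anomalies(raw_events, baseline, sigmas=3, min_sources=2):
    """Flag IPs whose bad-event count deviates from baseline across several sources."""
    counts, sources = defaultdict(int), defaultdict(set)
    for source, line in raw_events:
        event = normalize(source, line)
        if event and event["bad"]:
            counts[event["ip"]] += 1
            sources[event["ip"]].add(source)
    flagged = {}
    for ip, count in counts.items():
        history = baseline.get(ip, [0])  # unseen IPs get a zero baseline
        threshold = mean(history) + sigmas * pstdev(history)
        if count > threshold and len(sources[ip]) >= min_sources:
            flagged[ip] = {"count": count, "sources": sorted(sources[ip])}
    return flagged

if __name__ == "__main__":
    print(flag_anomalies(RAW_EVENTS, BASELINE))
```

Only the address that exceeds its own baseline and appears in more than one source is flagged; a single failed logon from the other address stays within its normal range.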