SIEM Logging for Critical Systems

NICE CXone uses automated Security Information and Event Management (SIEM) applications. SIEM applications aggregate and monitor logs from critical systems. They do so in public and private cloud services.

Infrastructure

Selections for monitoring are prioritized as follows:

  • Systems that manage authentication.

  • Systems that control access or act as security gateways.

  • Production systems that directly process, transmit, or store client-sensitive data.

  • Other systems as required based upon compliance or risk assessment.

Examples include:

  • Critical network and system assets such as:

    • Firewalls

    • Load balancers

    • Core switches

    • Edge routers

    • Anti-virus servers

    • Voice gateways

  • Other devices identified via an audit are added or not added, based on:

    • Risk level

    • Resources

    • Cost

Product servers of high risk may include:

Devices responsible for authentication, access control, and that contain or handle data are typically monitored. Other servers are added to the SIEM applications as log sources and identified, as required.