The present invention generally relates to a computer device, particularly to a security management device communicationally-connected to the computer device. Particularly, the present invention provides the closer interaction between the computer device and the security management device to jointly achieve better security protection.
For network and information security, large enterprises or organizations have been widely adopted security information and event management (SIEM) systems. The SIEM system provides security intelligence, event response, records management, and all kinds of statements by combining events, threat and risk information together according to logs provided by a wide range of computer systems in an internal network system.
For the existing SIEM system, refer to IBM's SECURITY QRADAR® SIEM or HP's ARCSIGHT SECURITY INFORMATION & EVENT MANAGEMENT (SIEM).
For the prior art related to SIEM, refer to, for example, WO 2013019198 or US PUB. 2011/0264608.