When Logs Are Out, Enhanced Analytics Stay In


I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.”


“Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, and just recently made the jump to security software, hence my question.


“Because SIEMs are hard to use. A SIEM purchase is just a checked compliance box,” they said.


For some organizations, it seems it is easier to use a log manager than a SIEM.


But a modern SIEM should and will make an analyst’s job easier.


You might ask yourself: why would I need a SIEM if I already have a log manager?


Let’s be honest — we know cyber criminals do not want to be caught. Once they infiltrate your system, they can cover their tracks by turning off or altering the logs that captured their activity.


And although log managers do serve a purpose in your organization and do help to improve operational efficiency, SIEMs are a key tool in proactive security practices.


It is important to start with the fact that a SIEM does not replace your other security tools. You still need those other security tools, like your anti-malware software or firewalls — many of which feed key data into a SIEM.


Appropriately named, security information and event management software collects data from your environment and all your security tools. A SIEM then uses a combination of real-time correlation, anomaly detection, machine learning and user behavior analytics to find both known and unknown threats.
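To make the two points above concrete (an intruder disabling the logs that record them, and a SIEM catching it by correlating more than one source), here is an added example that is not part of the original post and is not any vendor's code. It runs a known-pattern rule and a cross-source "silent feed" check over constructed sample events; the event shape, the source names "auth" and "fw", and the gap threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs). Each tuple is
# (minute, source, host, message); "auth" = host auth log, "fw" = firewall.
EVENTS = [
    (0, "auth", "web01", "sshd: accepted password for admin from 10.0.0.5"),
    (1, "fw", "web01", "allow 10.0.0.5 -> web01:22"),
    (2, "auth", "web01", "sudo: admin COMMAND=/usr/sbin/service rsyslog stop"),
    (5, "fw", "web01", "allow web01 -> 203.0.113.9:443"),
    (8, "fw", "web01", "allow web01 -> 203.0.113.9:443"),
    (12, "fw", "web01", "allow web01 -> 203.0.113.9:443"),
    (3, "auth", "db01", "sshd: accepted publickey for backup from 10.0.0.7"),
    (9, "auth", "db01", "cron: nightly backup started"),
    (10, "fw", "db01", "allow db01 -> 10.0.0.20:5432"),
]

# Known-bad patterns (assumed): a real-time rule match, the "known threat" case.
TAMPER_PATTERNS = ("rsyslog stop", "auditd stop")

def tamper_rule_hits(events):
    """Rule-based: messages that look like the logging service being disabled."""
    return [(ts, host, msg) for ts, src, host, msg in sorted(events)
            if any(p in msg.lower() for p in TAMPER_PATTERNS)]

def silent_log_sources(events, gap_minutes=5):
    """Anomaly-based: a host whose auth feed went quiet while the firewall
    still sees it talking. A log manager alone cannot raise this, because the
    missing evidence is exactly the log that stopped arriving."""
    last_seen = defaultdict(dict)            # host -> source -> last minute seen
    for ts, source, host, _ in sorted(events):
        last_seen[host][source] = ts
    findings = []
    for host, seen in last_seen.items():
        if "auth" in seen and "fw" in seen and seen["fw"] - seen["auth"] >= gap_minutes:
            findings.append((host, seen["auth"], seen["fw"]))
    return findings

def correlate(events, gap_minutes=5):
    """Cross-source correlation: a silent host that also had a tamper command
    beforehand is escalated; either signal on its own is only a lead."""
    hits_by_host = {host for _, host, _ in tamper_rule_hits(events)}
    alerts = []
    for host, last_auth, last_fw in silent_log_sources(events, gap_minutes):
        severity = "high" if host in hits_by_host else "medium"
        alerts.append({"host": host, "auth_silent_since": last_auth,
                       "fw_last_seen": last_fw, "severity": severity})
    return alerts
```

Run `correlate(EVENTS)` to get one high-severity alert for web01, whose auth log stops at minute 2 while the firewall still sees it through minute 12; db01 keeps logging and raises nothing.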

