How is SIEM different from general event log management and monitoring?
In some ways, Security Information and Event Management (SIEM) differs from the ordinary event log management that businesses use to watch the health and performance of their networks. But as a blanket term for a range of technologies, SIEM is built on the same core principle as event log management and monitoring: collect the records that systems emit, keep them, and look at them. The biggest difference lies in the techniques and features layered on top of that collection.
Generally, SIEM is a combination of security information management (SIM) and security event management (SEM). That means a SIEM system incorporates broad collection and retention of log records, the SIM side, along with more specific components that examine user and system events in context and close to real time, the SEM side. For example, an SEM component may be configured to flag account logins that happen at a certain privilege level, at an unusual time of day, or in a pattern such as repeated failures followed by a success, so that administrators can sense an attack or deal with an administrative problem. A security information management component, by contrast, offers broader reports based on all of the aggregate data collected about hosts, applications and network traffic over longer periods.
Experts have described several ways in which SIEM supersedes the average event log monitoring tool. The most common view is that the major value of SIEM lies in more specific reports and alerts: a SIEM normalizes logs from different sources into a common format, correlates events across those sources, and applies rules or analytics to the result. Where event log monitoring and management may offer only a generic view of whatever gets written to the logs, SIEM tools add value by turning that raw log data into a picture of what is actually going on in the network.
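To make the distinction concrete, here is an added example (not code from the original article or from any SIEM product): a miniature SIEM-style pass over log lines from two different sources, set beside the plain keyword search that ordinary log management offers. It normalizes sshd syslog lines and Windows-style logon events into one schema, then correlates them with two rules of the kind described above: a privileged account logging on outside business hours, and a burst of failed logins followed by a success from the same source. Every log line, host name, user and IP address is constructed for illustration, and the business-hours policy, privileged-account list and thresholds are assumptions.

```python
"""Added example, not code from the original article: a miniature SIEM
correlation pass over constructed log lines from two sources, beside the
plain keyword search that ordinary log management offers.  Every log
line, host, user and IP address is constructed; the policy values are
assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd syslog lines (one source, one format).
SYSLOG_LINES = [
    "2024-03-04T02:14:05Z srv1 sshd[811]: Failed password for root from 203.0.113.7 port 5001 ssh2",
    "2024-03-04T02:14:09Z srv1 sshd[811]: Failed password for root from 203.0.113.7 port 5002 ssh2",
    "2024-03-04T02:14:13Z srv1 sshd[811]: Failed password for root from 203.0.113.7 port 5003 ssh2",
    "2024-03-04T02:14:20Z srv1 sshd[811]: Accepted password for root from 203.0.113.7 port 5004 ssh2",
    "2024-03-04T10:02:00Z srv2 sshd[912]: Accepted publickey for alice from 198.51.100.4 port 6010 ssh2",
]
# Constructed Windows-style logon events (a second source, key=value format).
WIN_LINES = [
    "TimeCreated=2024-03-04T03:30:00Z EventID=4624 Computer=win-dc TargetUserName=Administrator IpAddress=203.0.113.7 LogonType=10",
    "TimeCreated=2024-03-04T14:05:00Z EventID=4624 Computer=win-dc TargetUserName=bob IpAddress=198.51.100.9 LogonType=2",
]

PRIVILEGED = {"root", "Administrator"}   # assumed list of privileged accounts
BUSINESS_HOURS = range(8, 18)            # assumed policy: 08:00-17:59 UTC
BRUTE_WINDOW = timedelta(minutes=5)      # assumed: failures counted within this window
BRUTE_THRESHOLD = 3                      # assumed: failures needed before a success is suspicious

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) "
    r"\S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def raw_search(lines, needle):
    """What plain log management gives you: a keyword match over raw lines."""
    return [line for line in lines if needle in line]


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize_syslog(line):
    """Map an sshd line onto a common logon-event schema."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"ts": _ts(m["ts"]), "host": m["host"], "user": m["user"], "src": m["src"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure"}


def normalize_windows(line):
    """Map a key=value logon event onto the same schema (4624 = successful logon)."""
    kv = dict(item.split("=", 1) for item in line.split())
    if kv.get("EventID") != "4624":
        return None
    return {"ts": _ts(kv["TimeCreated"]), "host": kv["Computer"], "user": kv["TargetUserName"],
            "src": kv["IpAddress"], "outcome": "success"}


def correlate(events):
    """SIEM-style rules over normalized events from all sources, in time order.

    Rule 1: a privileged account logs on outside business hours.
    Rule 2: BRUTE_THRESHOLD failures for (user, src) within BRUTE_WINDOW,
            followed by a success for the same pair.
    """
    alerts = []
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "failure":
            failures[key].append(ev["ts"])
            continue
        if ev["user"] in PRIVILEGED and ev["ts"].hour not in BUSINESS_HOURS:
            alerts.append({"rule": "privileged_logon_off_hours", "host": ev["host"],
                           "user": ev["user"], "src": ev["src"], "ts": ev["ts"]})
        recent = [t for t in failures[key] if ev["ts"] - t <= BRUTE_WINDOW]
        if len(recent) >= BRUTE_THRESHOLD:
            alerts.append({"rule": "bruteforce_then_success", "host": ev["host"],
                           "user": ev["user"], "src": ev["src"], "ts": ev["ts"]})
        failures[key].clear()  # a success closes the window for this pair
    return alerts


def run():
    """Normalize both sources, then correlate them together."""
    events = [e for e in map(normalize_syslog, SYSLOG_LINES) if e]
    events += [e for e in map(normalize_windows, WIN_LINES) if e]
    return correlate(events)


if __name__ == "__main__":
    hits = raw_search(SYSLOG_LINES + WIN_LINES, "203.0.113.7")
    print(f"plain log search for 203.0.113.7: {len(hits)} raw lines, no verdict")
    for a in run():
        print(a["rule"], a["user"], a["src"], a["host"], a["ts"].isoformat())
```

The contrast is the point: `raw_search` returns five matching lines for the attacker's address and leaves the reader to work out what they mean, while `correlate` returns three alerts, one of which only exists because the Windows logon and the sshd failures were put on the same timeline with the same field names. A real SIEM adds scale, parsers for many more formats and a rule language, but the normalize-then-correlate step is the core of what it does beyond log management.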