Question

How is SIEM different from general event log management and monitoring?

Answer

In some ways, security information and event management (SIEM) is different from the ordinary event log management that businesses use to look at network vulnerability and performance. However, as a blanket term for a range of technologies, SIEM is in many ways built on the core principle of event log management and monitoring. The biggest difference may be the actual techniques and features involved.

Generally, SIEM is a combination of security information management (SIM) and security event management (SEM). That means SIEM systems combine general capture of digital log records with more specific systems that look at user events in context. For example, a SEM resource may be set up to capture specific reports on account logins that happened at a certain access level, at a certain time of day, or in a certain pattern, which network administrators can use to sense danger or to deal with various types of administrative issues. A SIM system, by contrast, offers broader reports based on all of the aggregate data collected about network traffic.

Some experts have set out how SIEM supersedes the average event log monitoring tool. For example, some suggest that the major value of SIEM lies in more specific reports and more specific features that reveal more about what has actually developed in a network. Where event log monitoring and management may offer only a generic view of what a logging process generates, SIEM tools can offer a lot of proprietary value by digging into network activity and showing what goes on in a network.
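The SIM and SEM split described above can be shown over a handful of login events. This is an added example, not code from the original page; the log format, field names, working-hours range and thresholds are assumptions chosen for illustration, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (assumed format, not from any real system).
SAMPLE_LOG = """\
2024-03-04T09:12:01 login user=alice role=user src=10.0.0.5 result=success
2024-03-04T14:30:44 login user=bob role=admin src=10.0.0.8 result=success
2024-03-05T02:10:03 login user=carol role=user src=10.0.0.9 result=failure
2024-03-05T02:10:41 login user=carol role=user src=10.0.0.9 result=failure
2024-03-05T02:11:15 login user=carol role=user src=10.0.0.9 result=failure
2024-03-05T02:12:30 login user=carol role=user src=10.0.0.9 result=success
2024-03-05T03:47:19 login user=bob role=admin src=10.0.0.77 result=success
"""

LINE = re.compile(r"(?P<ts>\S+) login user=(?P<user>\S+) role=(?P<role>\S+) "
                  r"src=(?P<src>\S+) result=(?P<result>\S+)")

def parse(text):
    """Plain log management: turn each line into a structured event."""
    events = []
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            events.append({**m.groupdict(), "ts": datetime.fromisoformat(m["ts"])})
    return events

def sim_report(events):
    """SIM-style aggregate: login counts per (user, result) over all data."""
    return Counter((e["user"], e["result"]) for e in events)

def sem_alerts(events, work_hours=range(7, 19), fails=3, window=timedelta(minutes=5)):
    """SEM-style rules: evaluate each event in context (role, time, pattern)."""
    alerts, recent_fails = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "failure":
            recent_fails[e["user"]].append(e["ts"])
            continue
        # Rule 1: privileged login outside working hours (access level + time of day).
        if e["role"] == "admin" and e["ts"].hour not in work_hours:
            alerts.append(("admin_off_hours", e["user"], e["ts"]))
        # Rule 2: success shortly after repeated failures (pattern).
        prior = [t for t in recent_fails[e["user"]] if e["ts"] - t <= window]
        if len(prior) >= fails:
            alerts.append(("success_after_failures", e["user"], e["ts"]))
        recent_fails[e["user"]].clear()
    return alerts

if __name__ == "__main__":
    print(sim_report(parse(SAMPLE_LOG)), sem_alerts(parse(SAMPLE_LOG)), sep="\n")
```

The aggregate report counts every login, while the two contextual rules flag only carol's success after three quick failures and bob's off-hours admin login; bob's daytime admin login raises nothing.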

Justin Stoltzfus

Justin Stoltzfus is an independent blogger and business consultant assisting a range of businesses in developing media solutions for new campaigns and ongoing operations. He is a graduate of James Madison University. Stoltzfus spent several years as a staffer at the Intelligencer Journal in Lancaster, Penn., before the merger of the city’s two daily newspapers in 2007. He also reported for the twin weekly newspapers in the area, the Ephrata Review and the Lititz Record. More recently, he has cultivated connections with various companies as an independent consultant, writer and trainer, collecting bylines in print and Web publications, and establishing a reputation…