Computers, network and security devices, and the applications running on them generate records called logs: time-ordered sequences of messages describing activity on the system or network. Log data is the digital footprint of that activity. It can be streamed to a central platform and reviewed there to detect anomalous behaviour that would be hard to spot on any single host.
A Security Information and Event Management (SIEM) system provides a single, centralized platform for collecting, monitoring and managing security-related events and log data from across the enterprise. Because a SIEM correlates events from many sources and enriches them with contextual data, it lets security teams identify and respond to suspicious behaviour patterns that would not be visible in the data of any one system on its own.
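The correlation step described above is the part a SIEM adds over a plain log archive. The following is an added illustration, not code from the original page or from any SIEM product: it normalises two differently formatted sources (an sshd auth log and a firewall log, both constructed sample data with RFC 5737 documentation addresses) into one event schema, then correlates them by source IP inside a time window to flag a brute-force login that eventually succeeds. The field names, thresholds and log formats are assumptions chosen for the example.

```python
"""Toy SIEM-style correlation over constructed log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not real logs. Two sources, two formats.
SSHD_LOG = """\
2024-03-04T10:00:01Z sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51011 ssh2
2024-03-04T10:00:04Z sshd[812]: Failed password for root from 203.0.113.7 port 51012 ssh2
2024-03-04T10:00:09Z sshd[812]: Failed password for root from 203.0.113.7 port 51013 ssh2
2024-03-04T10:00:15Z sshd[812]: Accepted password for root from 203.0.113.7 port 51014 ssh2
2024-03-04T10:05:00Z sshd[901]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
"""

FW_LOG = """\
2024-03-04T09:59:58Z fw01 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp
2024-03-04T10:00:02Z fw01 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp
2024-03-04T10:04:59Z fw01 ACCEPT src=198.51.100.20 dst=10.0.0.5 dport=22 proto=tcp
"""

# Assumed line layouts for the two constructed sources.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def normalize(sshd_text, fw_text):
    """Map both formats onto one schema: ts, source, src (IP), event, user."""
    events = []
    for line in sshd_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            kind = "auth_failure" if m["result"] == "Failed" else "auth_success"
            events.append({"ts": parse_ts(m["ts"]), "source": "sshd",
                           "src": m["src"], "event": kind, "user": m["user"]})
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append({"ts": parse_ts(m["ts"]), "source": "fw",
                           "src": m["src"], "event": "fw_" + m["action"].lower(),
                           "user": None})
    events.sort(key=lambda e: e["ts"])  # one time-ordered stream across sources
    return events


def correlate(events, min_failures=3, window=timedelta(minutes=2)):
    """Alert when a source IP has >= min_failures auth failures followed by a
    success within `window`, and attach firewall events for the same IP that
    corroborate the connection. Thresholds are assumptions for the example."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = []
        for e in evs:
            if e["event"] == "auth_failure":
                failures.append(e)
            elif e["event"] == "auth_success":
                recent = [f for f in failures if e["ts"] - f["ts"] <= window]
                if len(recent) >= min_failures:
                    start = recent[0]["ts"] - window
                    fw_hits = [x for x in evs
                               if x["source"] == "fw" and start <= x["ts"] <= e["ts"]]
                    alerts.append({"src": src, "user": e["user"],
                                   "failures": len(recent), "fw_events": len(fw_hits),
                                   "first_seen": recent[0]["ts"], "success_at": e["ts"]})
                failures = []  # a success ends the current attempt sequence
    return alerts


def run():
    return correlate(normalize(SSHD_LOG, FW_LOG))


if __name__ == "__main__":
    for a in run():
        print(f"ALERT brute-force success: src={a['src']} user={a['user']} "
              f"failures={a['failures']} fw_events={a['fw_events']}")
```

Neither source alone tells the whole story: the firewall only shows accepted connections to port 22, and sshd only shows that one IP failed three times and then got in. Joining them on source IP and time is exactly the cross-source view a SIEM is meant to provide, and the same shape scales to real deployments by swapping the regexes for the platform's parsers and the in-memory dictionary for its event store.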