SIEM is like the choirmaster of all your security devices. Each of the other systems sees only its own slice of the picture:
- An intrusion detection system (IDS) understands only protocols, packets and IP addresses.
- Asset management systems track applications, owners and business processes.
- Service logs show configuration changes, logins and service activity.
- Endpoint security covers hosts, usernames and files.
The catch is that none of these systems, on its own, can tell you what is actually happening to your business in terms of bull's-eye security and continuity of the business process. Once all of them come together, the "Rock & Roll" happens. This is what SIEM does: it sits on top of all your security devices as a management layer, then connects, correlates and unifies their data into one logical view of all event data on a single platform, where it can be analyzed and cross-referenced. The baseline is: "The more data you put in your SIEM tool, the more powerful it becomes."

Having said that, enjoy the music from your choirmaster. Questions? Post them in the comments section below.
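To make the "connect, correlate and unify" idea concrete, here is a toy correlation engine written for this post (not code from any SIEM product). It takes one constructed event from each of the four sources above, maps each source's own vocabulary onto a common schema, uses the asset record to turn an IP address into a host with an owner, and raises one incident when an IDS alert, a successful login and a file change line up on the same host inside a time window. All field names, IPs, hostnames and users are assumptions made up for the example.

```python
"""Toy SIEM correlation: normalize events from several sources and
cross-reference them by host inside a time window. Example code, not
a real product; every value below is constructed."""
from collections import defaultdict

# Constructed sample events, one per source type named in the post.
# Field names, IPs, hostnames and users are assumptions for this example.
RAW_EVENTS = [
    ("ids", {"src_ip": "203.0.113.7", "dst_ip": "10.0.0.5", "proto": "tcp",
             "signature": "SSH brute force", "ts": 1000}),
    ("asset", {"ip": "10.0.0.5", "hostname": "db01",
               "owner": "payments-team", "app": "billing-db"}),
    ("service", {"host": "db01", "event": "login", "user": "svc_backup",
                 "result": "success", "ts": 1040}),
    ("endpoint", {"host": "db01", "user": "svc_backup",
                  "file": "/etc/ssh/sshd_config", "action": "modify", "ts": 1100}),
    # Unrelated activity on another host: must not end up in the incident.
    ("endpoint", {"host": "web02", "user": "deploy",
                  "file": "/var/www/index.html", "action": "modify", "ts": 1050}),
]


def build_asset_index(raw_events):
    """Asset management is the lookup table: IP -> host, owner, application."""
    return {e["ip"]: e for src, e in raw_events if src == "asset"}


def normalize(source, event, asset_index):
    """Map each source's own vocabulary onto one common schema.
    Asset records are context, not activity, so they return None."""
    if source == "asset":
        return None
    if source == "ids":
        # The IDS only knows an IP; the asset index turns it into a host.
        asset = asset_index.get(event["dst_ip"], {})
        return {"source": "ids", "host": asset.get("hostname", event["dst_ip"]),
                "user": None, "ts": event["ts"],
                "detail": f'{event["signature"]} from {event["src_ip"]}'}
    if source == "service":
        return {"source": "service", "host": event["host"], "user": event["user"],
                "ts": event["ts"], "detail": f'{event["event"]} {event["result"]}'}
    if source == "endpoint":
        return {"source": "endpoint", "host": event["host"], "user": event["user"],
                "ts": event["ts"], "detail": f'{event["action"]} {event["file"]}'}
    raise ValueError(f"unknown source {source}")


def correlate(raw_events, window=600):
    """Cross-reference normalized events per host. An incident is raised when
    an IDS alert on a host is followed, within `window` seconds, by a
    successful login and then a file modification on that same host."""
    asset_index = build_asset_index(raw_events)
    by_host = defaultdict(list)
    for source, event in raw_events:
        rec = normalize(source, event, asset_index)
        if rec:
            by_host[rec["host"]].append(rec)

    incidents = []
    for host, recs in by_host.items():
        recs.sort(key=lambda r: r["ts"])
        for i, alert in enumerate(recs):
            if alert["source"] != "ids":
                continue
            chain = [alert]
            wanted = ["service", "endpoint"]  # order the chain must appear in
            for rec in recs[i + 1:]:
                if rec["ts"] - alert["ts"] > window:
                    break
                if not wanted or rec["source"] != wanted[0]:
                    continue
                if rec["source"] == "service" and "success" not in rec["detail"]:
                    continue  # a failed login does not advance the chain
                chain.append(rec)
                wanted.pop(0)
            if not wanted:
                asset = next((a for a in asset_index.values()
                              if a["hostname"] == host), {})
                incidents.append({
                    "host": host, "owner": asset.get("owner"),
                    "app": asset.get("app"), "user": chain[1]["user"],
                    "timeline": [(r["ts"], r["source"], r["detail"]) for r in chain],
                })
    return incidents


if __name__ == "__main__":
    for incident in correlate(RAW_EVENTS):
        print(incident)
```

Run it and the single incident names the host, its owner and application from the asset record, the account that logged in, and the three-step timeline; the unrelated `web02` file change is left out because nothing on that host ties back to an IDS alert. Shrinking the window (for example to 50 seconds) drops the endpoint event out of range and no incident is produced, which is the "more data, tighter correlation" trade-off every SIEM rule has to balance.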