SIEM (Security Information and Event Management)

Definition

A SIEM is a platform that centralises, correlates and analyses security logs and events from different systems to detect suspicious activities and incidents.

SIEM combines two functions: Security Information Management (SIM), collecting and storing logs, and Security Event Management (SEM), real-time analysis and correlation of events. Modern SIEM platforms use machine learning to detect anomalies.

A SIEM receives data from firewalls, servers, endpoints, cloud services and applications. By correlating events across multiple sources, attack patterns become visible that individual systems cannot detect.
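As an added illustration of that cross-source correlation (example code written for this entry, not part of the glossary), the Python below runs one rule over constructed firewall, server and endpoint events: repeated authentication failures from one address on one source, followed shortly by a successful login from the same address on a different source. The event field names, the threshold and the time window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three log sources. The field names are an
# assumption for this example, not a standard SIEM schema.
EVENTS = [
    {"ts": "2024-05-01T10:00:01", "source": "firewall", "type": "auth_fail", "ip": "203.0.113.7", "user": "alice"},
    {"ts": "2024-05-01T10:00:05", "source": "firewall", "type": "auth_fail", "ip": "203.0.113.7", "user": "bob"},
    {"ts": "2024-05-01T10:00:09", "source": "firewall", "type": "auth_fail", "ip": "203.0.113.7", "user": "carol"},
    {"ts": "2024-05-01T10:01:30", "source": "server",   "type": "auth_ok",   "ip": "203.0.113.7", "user": "carol"},
    {"ts": "2024-05-01T10:02:00", "source": "endpoint", "type": "auth_ok",   "ip": "198.51.100.4", "user": "dave"},
]


def correlate(events, fail_threshold=3, window=timedelta(minutes=5)):
    """Cross-source rule: at least `fail_threshold` authentication failures
    from one IP, followed within `window` by a successful login from that IP
    on a different source. Returns a list of alert dicts."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # ip -> [(timestamp, source)]
    alerts = []
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        if e["type"] == "auth_fail":
            failures[e["ip"]].append((t, e["source"]))
        elif e["type"] == "auth_ok":
            # Only failures inside the window and seen on another source count.
            recent = [(ft, src) for ft, src in failures[e["ip"]]
                      if t - window <= ft <= t and src != e["source"]]
            if len(recent) >= fail_threshold:
                alerts.append({
                    "ip": e["ip"], "user": e["user"], "success_on": e["source"],
                    "failures": len(recent),
                    "failure_sources": sorted({src for _, src in recent}),
                })
    return alerts


def per_source_alerts(events):
    """Run the same rule on each source in isolation, as a single system
    without a SIEM would; the cross-source pattern cannot fire here."""
    return {src: correlate([e for e in events if e["source"] == src])
            for src in {e["source"] for e in events}}


if __name__ == "__main__":
    print("correlated:", correlate(EVENTS))
    print("per source:", per_source_alerts(EVENTS))
```

Running it shows one alert for 203.0.113.7 from the combined feed and none from any single source, which is the point of centralising the logs.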

Without a SOC team monitoring the SIEM 24/7, its value is limited. Many organisations therefore opt for an MDR service that combines SIEM functionality with human analysis.

Related terms

SOC (Security Operations Center)
MDR (Managed Detection & Response)
IOC (Indicator of Compromise)
Threat Hunting