The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.

February - 2006 - issue > Cover Feature

Security Information

Amrit Williams
Monday, January 30, 2006
Increasing security breaches, regulatory compliance, targeted attacks driven by financial motivation, and the increasing globalization of businesses that rely upon internet services are driving the need for security information and event management (SIEM) capabilities.

SIEM technologies provide near-real-time situational awareness to support efficient incident response, and long-term data storage for trending, historical analysis, and regulatory compliance.

Security Event Management
Security Event Management (SEM) provides situational awareness of an IT environment. SEM tools collect data from security and networking devices such as firewalls, IDS, IPS, routers, and switches, as well as from OS logs, application logs, and host-based security products. This data is aggregated, correlated, and analyzed to provide an organization with operationally useful and actionable data.

Anyone who has attempted to correlate firewall and IDS log data, let alone tried to pull out relevant information from one of these log types, understands that manually managing security events is a losing game. Companies often begin their SEM activities by implementing a centralized syslog server and then developing a script to parse the logs and identify the relevant data. However, they quickly run into scalability, storage, and tool maintenance issues that limit the value of this approach over time. Requirements for security event management have evolved to include multiple data sources beyond the traditional firewall and IDS combination, making manual or homegrown solutions incapable of providing effective event management and incident response.
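To make the homegrown parse-and-correlate script described above concrete, the Python example below is added here and is not code from the article or from any SEM product. The log layout, the sample lines, the five-minute window, and the high/medium/low priority rule are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up syslog-like layout (not a vendor format).
SAMPLE_LOGS = """\
2006-01-30T10:15:02 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2006-01-30T10:15:09 fw01 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=80
2006-01-30T10:15:40 ids01 ALERT sig="web directory traversal" src=203.0.113.7 dst=10.0.0.5
2006-01-30T10:16:10 ids01 ALERT sig="port sweep" src=198.51.100.9 dst=10.0.0.8
2006-01-30T10:16:12 fw01 DENY src=198.51.100.9 dst=10.0.0.8 dport=445
this line is malformed and must be skipped
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) (?P<action>DENY|ACCEPT|ALERT) '
    r'(?:sig="(?P<sig>[^"]*)" )?src=(?P<src>\S+) dst=(?P<dst>\S+)')

def parse(lines):
    """Normalize lines into dicts; return (events, number of unparseable lines)."""
    events, skipped = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        except (TypeError, ValueError):  # no match (m is None) or bad timestamp
            skipped += 1
            continue
        events.append({**m.groupdict(), "ts": ts})
    return events, skipped

def correlate(events, window=timedelta(minutes=5)):
    """Rate each IDS alert by the firewall's verdict on the same src/dst pair
    within the window: ACCEPT -> high, only DENY -> low, nothing seen -> medium."""
    fw = defaultdict(list)
    for ev in events:
        if ev["action"] != "ALERT":
            fw[ev["src"], ev["dst"]].append(ev)
    findings = []
    for ev in (e for e in events if e["action"] == "ALERT"):
        near = {f["action"] for f in fw[ev["src"], ev["dst"]]
                if abs(f["ts"] - ev["ts"]) <= window}
        prio = "high" if "ACCEPT" in near else "low" if near else "medium"
        findings.append((prio, ev["src"], ev["dst"], ev["sig"]))
    return findings

if __name__ == "__main__":
    events, skipped = parse(SAMPLE_LOGS)
    print(correlate(events), "unparsed lines:", skipped)
```

Every additional device type needs its own pattern in a script like this, and the whole event set is held in memory, which is where the scalability and tool maintenance limits mentioned above begin to show.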

Managed security service providers have gained wide acceptance over the past 5 years, providing not only event management but also device management capabilities.
