Security Information and Event Management (SIEM) products aggregate data for various uses in IT operations. A primary capability of SIEMs is log correlation, which allows the tool to pull together log information from a variety of sources, including security tools, network devices, servers, and applications. In this way, SIEMs can consolidate the many logs generated from a specific event into a single security incident and unify monitoring. The patchwork approach SIEMs offer to centralizing log data and security alerts is starkly different from the Darktrace Cyber AI Platform’s advanced threat detection, automatic incident investigation, and Autonomous Response capabilities.
The alerting abilities of SIEMs are derived from a combination of three detection approaches:
- Relying on the accuracy and effectiveness of detection from other tools within the security stack, which typically depend on rules and signatures
- Correlation of known signatures from third-party threat intelligence against the collected log data
- Implementation of complex searches created by one’s own security team, who can envisage certain types of attack or compliance breach
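The second approach above, signature correlation against collected log data, as an added example that is not Darktrace's or any SIEM vendor's code: constructed firewall, proxy and endpoint log lines are matched against a constructed threat-intelligence feed, and hits on the same host within a time window are consolidated into a single incident. The log format, indicator values, window size and function names are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed threat-intelligence feed (hypothetical indicators, not real ones).
CONSTRUCTED_HASH = "0123456789abcdef" * 4          # placeholder SHA-256, not a real sample
THREAT_INTEL = {
    "ip": {"203.0.113.45"},                        # documentation address range
    "domain": {"update-check.example.net"},        # reserved example domain
    "sha256": {CONSTRUCTED_HASH},
}

# Constructed logs from three sources, normalised to "timestamp source key=value ...".
SAMPLE_LOGS = f"""\
2024-05-01T10:00:02Z firewall host=ws-17 dst_ip=203.0.113.45 action=allow
2024-05-01T10:00:05Z proxy host=ws-17 domain=update-check.example.net status=200
2024-05-01T10:00:09Z edr host=ws-17 sha256={CONSTRUCTED_HASH} proc=svchost.exe
2024-05-01T10:04:00Z firewall host=ws-22 dst_ip=198.51.100.7 action=allow
2024-05-01T11:30:00Z proxy host=ws-17 domain=update-check.example.net status=200
"""

# Which log field is compared against which indicator type.
FIELD_TO_IOC = {"dst_ip": "ip", "domain": "domain", "sha256": "sha256"}

def parse(line):
    """Split one normalised log line into a dict with ts, src and its key=value fields."""
    ts, src, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")), "src": src, **fields}

def match_intel(event):
    """Return (field, value, ioc_type) for every field of the event found in the feed."""
    return [(f, event[f], t) for f, t in FIELD_TO_IOC.items()
            if event.get(f) in THREAT_INTEL[t]]

def correlate(log_text, window=timedelta(minutes=10)):
    """Consolidate indicator hits per host into incidents.

    A hit joins the host's open incident if it falls within `window` of that
    incident's first hit; otherwise it opens a new incident for the host.
    """
    incidents, open_by_host = [], {}
    for line in log_text.splitlines():
        event = parse(line)
        hits = match_intel(event)
        if not hits:
            continue  # benign activity never reaches an incident
        inc = open_by_host.get(event["host"])
        if inc is None or event["ts"] - inc["start"] > window:
            inc = {"host": event["host"], "start": event["ts"], "sources": set(), "iocs": []}
            incidents.append(inc)
            open_by_host[event["host"]] = inc
        inc["sources"].add(event["src"])   # firewall, proxy and edr logs merge here
        inc["iocs"].extend(hits)
    return incidents
```

Running `correlate(SAMPLE_LOGS)` yields two incidents for ws-17: one combining the firewall, proxy and endpoint hits from 10:00, and a second for the proxy hit at 11:30, which falls outside the window.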