Organizations are realizing that an appropriate balance is needed between proactive and reactive security controls. Proactive measures stop threats and concerns from occurring by enforcing control policies, whether on a firewall, an IPS, endpoint configuration or even online collaboration systems (Office). Reactive technologies identify concerns that your proactive controls aren’t configured to stop.
SIEM (Security Information and Event Management) is a solution that gives organizations insight into the security threats and concerns that are traversing their networks. It centralizes security log and flow data and allows businesses to create use cases on acceptable use.
When implemented appropriately, a SIEM solution becomes the source of truth for investigating a threat (internal or external) and allows businesses to make informed decisions on updating or customizing policies on proactive controls.
SIEM solutions can be on-premises, in the cloud or a hybrid mix.