You are here:

Intelligent processing of log events: Security Information & Event Management and IT search

The volume and complexity of log data have made administrators' and security experts' duty to process and analyse log events without delay an enormous feat. What they miss is a set of suitable tools for efficiently interacting with data volumes of up to hundreds of gigabytes. What they also miss is an integrative approach for recording, aggregating, correlating, visualising, and archiving all log data at a centralised point and issuing alerts.

For this, there are two quite different approaches: 

  • SIEM (Security Information and Event Management) 
  • IT search

Security Information and Event Management solutions

SIEM solutions can automatically perform the analysis and correlation of security events in real time. By capturing, normalising, aggregating, and correlating the log events and flows of various systems of diverse vendors (cross-device and cross-vendor data), events that pose a real threat to critical applications and data can be identified from thousands of events. This creates transparency and reduces the overhead.

Unfortunately, this approach does not always work for the entire IT. SIEM solutions are database/schema-oriented and necessitate the normalisation of log data. However, if the organisation has many custom applications, there may be no pre-defined parsers or connectors.

IT search

In contrast, IT search uses universal indexing. It indexes all types of log data, all terms, and all events from all sources in real time without the need for databases, expensive connectors, or user-defined parsers for proprietary applications.

Index-oriented search versus database-oriented correlation - what is the right solution? What are the technical differences? Which products are inexpensive to purchase and operate?  

Talk to us.

We have the right answers and tools for you.

Additional Information

2011 Gartner Magic Quadrant for Security Information and Event Management (Download auf arcsight.com)