PRO+ Premium Content/E-Handbooks

SIEM emerged as a category in the mid-2000s. At that time, part of the rationale for SIEM products was that they could put the data winnowed from a large number of logs into a single pane of glass. This allowed for the summarization of that data and made more clear its meaning and implications. But no sooner did SIEM get its first-generation kinks worked out than the world changed. Security threats became even more sophisticated, raising the bar for SIEM technology. While SIEM products' value remains high, large-scale shifts in the product category are underway. The data collected by SIEM products turned into big data that needed to be sifted and analyzed to be valuable. On top of that, SIEM became a tool for real-time or near-real-time threat detection.

These technological advances and shifts mean that, in many enterprises, the exact function of SIEM is neither well-defined nor fully understood. Still, the focus remains on gaining actionable insight at a level of oversight that permits rapid, informed response. Here's a look at the new shape of SIEM -- in short, what you need to know now about SIEM and its capabilities.