Consultant at a tech services company with 11-50 employees
Reseller
May 27, 2020
CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get the most value from those logs. Also note that many of the logs that get fed into CloudWatch could also be fed directly to a SIEM via other means like syslog or agents, so you should consider what requirements you need to fulfill and where you'll get the best value for your money.
Search for a product comparison in Security Information and Event Management (SIEM)
Security is changing, they finding always new possibilities to break in. AWS Cloudwatch is more monitoring and log analytics tool, while a SIEM is more a security tool. So yes if your business is important an can not have a long downtime. The combination is better.
SIEM integrates real-time monitoring with advanced analysis of security events. It consolidates functions to provide comprehensive threat detection and response, enhancing organizational security measures.SIEM solutions offer extensive threat intelligence, enabling security teams to detect anomalies and incidents effectively. They provide a centralized view of an organization's security posture, combining various data sources and offering sophisticated correlation and monitoring tools....
CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get the most value from those logs. Also note that many of the logs that get fed into CloudWatch could also be fed directly to a SIEM via other means like syslog or agents, so you should consider what requirements you need to fulfill and where you'll get the best value for your money.
Security is changing, they finding always new possibilities to break in. AWS Cloudwatch is more monitoring and log analytics tool, while a SIEM is more a security tool. So yes if your business is important an can not have a long downtime. The combination is better.