2020-09-23T06:21:00Z

What is the difference between log management and SIEM?

How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?

Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?

Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
6 Answers
Navin Rehnius - PeerSpot reviewer
SOC Analyst at Tata Consultancy Services, Ltd
Real User
Top 5
2021-07-27T05:43:52Z
Jul 27, 2021

SIEM is the tool that can monitor all the security activities like viruses, brute force, lateral movement, log deletion, etc.


Log management is used for storing, viewing, analyzing, and retrieving the logs from the source.
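To make the distinction in this answer concrete, here is an added example (not from the answer above or from any product it mentions): a minimal log store that only ingests, retains and searches events, beside two SIEM-style correlation rules (brute force followed by a successful login, and deletion of a log file) run over the same constructed sample syslog lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not from the page): syslog-style lines from two hosts.
SAMPLE_LOGS = [
    "2021-07-27T05:40:01Z host1 sshd: Failed password for admin from 203.0.113.7",
    "2021-07-27T05:40:09Z host1 sshd: Failed password for admin from 203.0.113.7",
    "2021-07-27T05:40:17Z host1 sshd: Failed password for admin from 203.0.113.7",
    "2021-07-27T05:40:25Z host1 sshd: Failed password for admin from 203.0.113.7",
    "2021-07-27T05:41:30Z host1 sshd: Accepted password for admin from 203.0.113.7",
    "2021-07-27T05:42:10Z host1 auditd: file /var/log/auth.log deleted by admin",
    "2021-07-27T05:42:11Z host2 sshd: Failed password for bob from 198.51.100.9",
]
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+): (.*)$")
LOGIN_RE = re.compile(r"^(Failed|Accepted) password for (\S+) from (\S+)$")

def parse(line):
    ts, host, proc, msg = LINE_RE.match(line).groups()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")), "host": host, "proc": proc, "msg": msg}

class LogStore:
    """Log management: ingest, retain and search raw events; it makes no security judgement."""
    def __init__(self):
        self.events = []
    def ingest(self, lines):
        self.events.extend(parse(line) for line in lines)
    def search(self, pattern, host=None):
        rx = re.compile(pattern)
        return [e for e in self.events
                if rx.search(e["msg"]) and (host is None or e["host"] == host)]

def siem_alerts(events, threshold=4, window=timedelta(minutes=2)):
    """SIEM-style correlation over the same events: brute force that succeeds, and log deletion."""
    alerts, failures = [], defaultdict(list)  # (host, source ip) -> failed-login times
    for e in sorted(events, key=lambda x: x["ts"]):
        m = LOGIN_RE.match(e["msg"])
        if m:
            outcome, user, src = m.groups()
            key = (e["host"], src)
            if outcome == "Failed":
                failures[key].append(e["ts"])
                continue
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:  # many failures then a success: likely a guessed password
                alerts.append({"rule": "brute_force_success", "host": e["host"],
                               "user": user, "src": src, "failures": len(recent)})
        elif "deleted" in e["msg"] and "/var/log/" in e["msg"]:  # tampering with evidence
            alerts.append({"rule": "log_deletion", "host": e["host"], "msg": e["msg"]})
    return alerts
```

The store answers "show me every failed login on host2"; only the correlation layer turns the same rows into the two alerts a SOC would act on.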

Vendor
2021-08-09T10:26:08Z
Aug 9, 2021

Security information and event management (SIEM) is software that helps companies and governments monitor their networks and any suspicious activity. SIEMs are often expensive to acquire, but they provide a lot of benefits for enterprises. The "log management" software is a cheaper alternative because it does not have all the capabilities of the SIEM.


A critical difference between log management and SIEM is the data that they offer to their users. Log management software only offers data from the network, while a SIEM also offers data from operating systems, databases, and even applications.


I consider a SIEM as the best tool to protect your company. Security Onion is one of the best SIEMs for Linux, and UTMStack is a free Next-Gen SIEM and compliance platform (with a free community version) for small and medium-sized enterprises.

LM
CISO at a religious institution with 501-1,000 employees
Real User
Top 20
2020-09-23T14:26:06Z
Sep 23, 2020

Rony, Daniel's answer is right on the money. There are many solutions for each in the market; a lot depends upon your ability to manage such tools and your budget. A small operation may be best served by a managed service if it proves to be economical. I do not have any recent data on these. When I was investigating SIEMs there were big systems such as IBM, HP and McAfee; then I found LogRhythm, which has proved to be a great tool and more of what I needed right away. We manage it ourselves, though they now have a cloud offering. Also, if you have mostly Office365 and Azure IaaS logs to work with, you may find MS Azure Sentinel to be a good fit. I hope this is of some use to you.

Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
Community Manager
Sep 24, 2020

@Lindsay Mieth Thanks for your input!

DS
User at a healthcare company with 5,001-10,000 employees
Real User
2020-09-23T13:51:18Z
Sep 23, 2020

Log Management is just that: it looks at logs from devices and attempts to make inferences about security issues from those logs. SIEM technology typically casts a wider net, looking at all types of security events. The best of breed will look at network flows, events and logs, and other types of events that don't necessarily come from logging sources, and provide an inference engine and rules management platform to allow you to detect anomalies from a wide variety of sources rather than just logs.

Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
Community Manager
Sep 24, 2020

@Daniel Sichel Thanks, this is a very clear answer. If SIEM casts a wider net, is it then necessary to still have a log management tool? Do you have recommendations for products for SIEM/log management?

DR
Business Development Manager - Cybersecurity & Intelligence at Arcus Technology
User
2020-09-23T19:21:12Z
Sep 23, 2020

In short, Log Management refers to the collection, storage, and organizing of the event logs according to your specific needs and operational processes. In contrast, the SIEM, after data collection, makes the real exploitation of this data acquired from different sources, servers, applications, and OS. In the context of the traditional Intelligence cycle, it performs 3 of the 4 typical stages: Collection, Analysis/Processing, and Distribution to Decision-makers. That said, from the perspective of a former Intel guy, it is Intelligence vs raw data before it is even converted into information.

Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
Community Manager
Sep 27, 2020

@David Rivas Huete thanks :)

ES
Sales Leader at Rivium
User
2020-09-24T03:28:37Z
Sep 24, 2020

Splunk would be the best solution to address several use cases.

Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
Community Manager
Sep 24, 2020

@Esmat Salah El-Din Thanks for your input :)
