2020-05-20T09:12:00Z

Are you using a SIEM platform with AWS Cloudwatch?


Is AWS Cloudwatch enough on its own, or is it a good idea to use a SIEM platform in conjunction with it?

Guest
22 Answers

Top 10, Reseller

CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get the most value from those logs. Also note that many of the logs that get fed into CloudWatch could also be fed directly to a SIEM via other means like syslog or agents, so you should consider what requirements you need to fulfill and where you'll get the best value for your money.

2020-05-27T12:39:12Z
Top 5, User

Security is changing; they are always finding new possibilities to break in. AWS Cloudwatch is more of a monitoring and log analytics tool, while a SIEM is more of a security tool. So yes, if your business is important and cannot have a long downtime, the combination is better.

2020-05-27T12:56:03Z