Is AWS CloudWatch enough on its own, or is it a good idea to use a SIEM platform in conjunction with it?
CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get the most value from those logs. Also note that many of the logs that get fed into CloudWatch could also be fed directly to a SIEM via other means like syslog or agents, so you should consider what requirements you need to fulfill and where you'll get the best value for your money.
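As an added example (not part of the answer above), the difference between a plain count threshold and a correlation rule, run over constructed CloudTrail-style ConsoleLogin records; the 3-failure threshold and 5-minute window are assumed values, not anything from the thread:

```python
"""Single-event threshold vs. cross-event correlation over CloudTrail-style
ConsoleLogin records. Sample events are constructed, not real logs."""
from collections import defaultdict
from datetime import datetime, timedelta


def ev(t, ip, user, outcome):
    """Build a minimal CloudTrail ConsoleLogin record (constructed sample data)."""
    return {"eventName": "ConsoleLogin", "eventTime": t, "sourceIPAddress": ip,
            "userIdentity": {"userName": user},
            "responseElements": {"ConsoleLogin": outcome}}


EVENTS = [
    ev("2024-05-01T10:00:00Z", "203.0.113.5", "alice", "Failure"),
    ev("2024-05-01T10:00:30Z", "198.51.100.7", "dave", "Failure"),  # one typo, benign
    ev("2024-05-01T10:01:00Z", "203.0.113.5", "bob", "Failure"),
    ev("2024-05-01T10:01:10Z", "198.51.100.7", "dave", "Success"),
    ev("2024-05-01T10:02:00Z", "203.0.113.5", "carol", "Failure"),
    ev("2024-05-01T10:03:00Z", "203.0.113.5", "carol", "Success"),
]


def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def metric_filter_alarm(events, threshold=3):
    """What a CloudWatch metric filter plus alarm can express: count events
    matching a pattern and fire when the count reaches a threshold. It has no
    notion of which IP or principal the failures belong to, so four unrelated
    typos trip it just as a focused attempt against one account does."""
    failures = sum(1 for e in events if e["responseElements"]["ConsoleLogin"] == "Failure")
    return failures >= threshold


def correlate_failures_then_success(events, min_failures=3, window=timedelta(minutes=5)):
    """A SIEM-style correlation rule: a successful login from a source IP that
    produced at least min_failures failed logins (any user) within the window.
    Returns one alert dict per matching success, naming IP, user and count."""
    recent = defaultdict(list)  # source IP -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=_ts):
        ip, t = e["sourceIPAddress"], _ts(e)
        recent[ip] = [f for f in recent[ip] if t - f <= window]  # drop stale entries
        if e["responseElements"]["ConsoleLogin"] == "Failure":
            recent[ip].append(t)
        elif len(recent[ip]) >= min_failures:
            alerts.append({"sourceIPAddress": ip, "userName": e["userIdentity"]["userName"],
                           "failures_before_success": len(recent[ip])})
    return alerts
```

On the sample data the count alarm fires on the four failures without saying who or where they came from, while the correlation rule raises a single alert naming the source IP and the account it finally got into.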
Security is changing; they are always finding new possibilities to break in. AWS CloudWatch is more of a monitoring and log analytics tool, while a SIEM is more of a security tool. So yes, if your business is important and cannot have a long downtime, the combination is better.
How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?
Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?
I am the technical director of a science and technology division for the government.
Which SIEM solution would deliver the best ability to identify, protect, detect, respond and recover from a cyber attack?
Thanks! I appreciate your help.