2020-09-23T06:21:00Z

What is the difference between log management and SIEM?

Rony_Sklar - PeerSpot reviewer
  • 5
  • 724
PeerSpot user
6

6 Answers

LM
Real User
2020-09-23T14:26:06Z
Sep 23, 2020

Rony, Daniel's answer is right on the money.  There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget.  A small operation may be best served by a managed service if it proves to be economical.  I do not have any recent data on these.  When I was investigating SIEMs there were big systems such as IBM, HP and McAfee then I found LogRhythm which has proved to be a great tool and more of what I needed right away.  We manage it ourselves, though they now have a cloud offering.  Also, if you have mostly Office365 and Azure IaaS logs to work with, you may find MS Azure Sentinel to be a good fit.  I hope this is of some use to you.

Rony_Sklar - PeerSpot reviewer
Community Manager
Sep 24, 2020

@Lindsay Mieth Thanks for your input!

PeerSpot user
Search for a product comparison in Log Management
DS
Real User
2020-09-23T13:51:18Z
Sep 23, 2020

Log Management is just that, it looks at logs from devices and attempts to make inferences about security issues from those logs. SIEM technology typically casts a wider net, looking at all types of security events. The best of breed will look at Network flows and events and logs, and other types of events that don't necessarily come from logging sources and provide an inference engine and rules management platform to allow you to detect anomalies from a wide variety of sources rather than just logs.

Rony_Sklar - PeerSpot reviewer
Community Manager
Sep 24, 2020

@Daniel Sichel Thanks, this is a very clear answer. If SIEM casts a wider net, is it then necessary to still have a log management tool? Do you have recommendations for products for SIEM/log management?

PeerSpot user
DR
User
2020-09-23T19:21:12Z
Sep 23, 2020

In short, Log Management refers to the collection, storage, and organizing of the event logs according to your specifics needs and operational processes. Opposite, the SIEM after data collection, is making the real exploitation of this data acquired from different sources, servers, applications, and OS. In the context of the traditional Intelligence cycle, is performing 3 of the 4 typical stages: Collection, Analysis/Processing, and Distribution to Decision-makers. Said that from the perspective of a former Intel guy is Intelligence vs raw data before even converted into the information.

Rony_Sklar - PeerSpot reviewer
Community Manager
Sep 27, 2020

@David Rivas Huete thanks  :)

PeerSpot user
Navin Rehnius - PeerSpot reviewer
Real User
Top 10
2021-07-27T05:43:52Z
Jul 27, 2021

SIEM is the tool that can monitor all the security activities like viruses, brute force, lateral movement, log deletion, etc,., 


Log management is used for storing, viewing, analyzing, and retrieving the logs from the source.

ES
User
2020-09-24T03:28:37Z
Sep 24, 2020

Splunk would be the best solution to address several use cases.

Rony_Sklar - PeerSpot reviewer
Community Manager
Sep 24, 2020

@Esmat Salah El-Din Thanks for your input :)

PeerSpot user
Vendor
2021-08-09T10:26:08Z
Aug 9, 2021

Security information and event management (SIEM) is software that helps companies and governments monitor their networks and any suspicious activity. SIEMs are often expensive to acquire, but they provide a lot of benefits for enterprises. The "log management" software is a cheaper alternative because it does not have all the capabilities of the SIEM.


A critical difference between log management and SIEM is the data that they offer to their users. Log management software only offers data from the network, while a SIEM also offers data from operating systems, databases, and even applications.


I consider a SIEM like the best tool to protect your company. Security Onion is one of the best SIEM to Linux and UTMStack is a free Next-Gen SIEM and compliance platform (with a free community version) to small and medium-sized enterprises.

Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management. Updated: March 2024.
763,955 professionals have used our research since 2012.
Security Information and Event Management (SIEM)
A Security Information and Event Management (SIEM) system gives security managers a holistic overview of multiple security systems.
Download Security Information and Event Management (SIEM) ReportRead more