We just raised a $30M Series A: Read our story
2020-09-23T06:21:00Z

What is the difference between log management and SIEM?

195

How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?

Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?

ITCS user
Guest
612 Answers

author avatar
Top 5Real User

Rony, Daniel's answer is right on the money.  There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget.  A small operation may be best served by a managed service if it proves to be economical.  I do not have any recent data on these.  When I was investigating SIEMs there were big systems such as IBM, HP and McAfee then I found LogRhythm which has proved to be a great tool and more of what I needed right away.  We manage it ourselves, though they now have a cloud offering.  Also, if you have mostly Office365 and Azure IaaS logs to work with, you may find MS Azure Sentinel to be a good fit.  I hope this is of some use to you.

2020-09-23T14:26:06Z
author avatarRony_Sklar
Community Manager

@Lindsay Mieth Thanks for your input!

author avatar
Top 5Real User

Log Management is just that, it looks at logs from devices and attempts to make inferences about security issues from those logs. SIEM technology typically casts a wider net, looking at all types of security events. The best of breed will look at Network flows and events and logs, and other types of events that don't necessarily come from logging sources and provide an inference engine and rules management platform to allow you to detect anomalies from a wide variety of sources rather than just logs.

2020-09-23T13:51:18Z
author avatarRony_Sklar
Community Manager

@Daniel Sichel Thanks, this is a very clear answer. If SIEM casts a wider net, is it then necessary to still have a log management tool? Do you have recommendations for products for SIEM/log management?

author avatar
User

In short, Log Management refers to the collection, storage, and organizing of the event logs according to your specifics needs and operational processes. Opposite, the SIEM after data collection, is making the real exploitation of this data acquired from different sources, servers, applications, and OS. In the context of the traditional Intelligence cycle, is performing 3 of the 4 typical stages: Collection, Analysis/Processing, and Distribution to Decision-makers. Said that from the perspective of a former Intel guy is Intelligence vs raw data before even converted into the information.

2020-09-23T19:21:12Z
author avatarRony_Sklar
Community Manager

@David Rivas Huete Thanks for weighing in! So with this in mind, does this mean that one should have both types of tools for the most effective event management? Do you have suggestions of tools to perform these functions?

author avatarDavid Rivas Huete
User

@Rony_Sklar it depends on several factors, but in my opinion, products such as Splunk, SolarWinds, Netwrix or LOgRithm will cover all needs. For me the most complete is Splunk, LogRithm delivers great information and probably SolarWinds is the friendly dashboard and management, but it's just my personal opinion. Anyway, the first recommendation is the return to the basics and learn how to read and understand a simple log in Windows or Linux, I believe Microsoft provides some training and certification about.

author avatarRony_Sklar
Community Manager

@David Rivas Huete thanks  :)

author avatar
Top 5Real User

SIEM is the tool that can monitor all the security activities like viruses, brute force, lateral movement, log deletion, etc,., 


Log management is used for storing, viewing, analyzing, and retrieving the logs from the source.

2021-07-27T05:43:52Z
author avatar
User

Splunk would be the best solution to address several use cases.

2020-09-24T03:28:37Z
author avatarRony_Sklar
Community Manager

@Esmat Salah El-Din Thanks for your input :)

author avatar
Vendor

Security information and event management (SIEM) is software that helps companies and governments monitor their networks and any suspicious activity. SIEMs are often expensive to acquire, but they provide a lot of benefits for enterprises. The "log management" software is a cheaper alternative because it does not have all the capabilities of the SIEM.


A critical difference between log management and SIEM is the data that they offer to their users. Log management software only offers data from the network, while a SIEM also offers data from operating systems, databases, and even applications.


I consider a SIEM like the best tool to protect your company. Security Onion is one of the best SIEM to Linux and UTMStack is a free Next-Gen SIEM and compliance platform (with a free community version) to small and medium-sized enterprises.

2021-08-09T10:26:08Z
Find out what your peers are saying about Splunk, IBM, Datadog and others in Log Management. Updated: October 2021.
542,823 professionals have used our research since 2012.