Managed Security Information and Event Management (SIEM)
Security information and event management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources.
It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology span a broad scope of event collection and provide the ability to correlate and analyze events across disparate sources.
However, due to a lack of qualified analysts for in-house SIEM, organizations have failed to achieve the results they expected, which can cause SIEM to become “shelfware”. As a result, co-managed SIEM is on the rise.