Memotiva CISSP Flashcards: Security Operations, Incident Response, Forensics, Logging

What is a Security Information and Event Management system?

Nortren

A Security Information and Event Management system, or SIEM, collects, normalizes, correlates, and analyzes log data from across an organization's IT infrastructure in real time. SIEMs aggregate logs from firewalls, servers, endpoints, applications, and network devices into a centralized platform. Correlation rules and analytics identify patterns that indicate security incidents, such as multiple failed login attempts followed by a successful login from an unusual location. SIEMs provide alerting, dashboards, reporting for compliance, and forensic investigation capabilities.
csrc.nist.gov