The security information and event management (SIEM) market is defined by the customer's need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for regulatory compliance and forensics. The vendors that are included in our analysis have technologies that have been designed for this purpose, and they actively market and sell these technologies to the security buying center.
SIEM technology aggregates the event data produced by security devices, network devices, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data. Event data is combined with contextual information about users, data and assets. The data is normalized, so that events from disparate sources can be correlated and analyzed for specific purposes, such as network security event monitoring, user activity monitoring or compliance reporting. The technology provides real-time security monitoring, historical analysis, and other support for incident investigation and compliance reporting.
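The normalize, enrich and correlate steps described above, as an added example that is not part of the original text. The two log formats, the user and asset context tables, and the threshold and window values are all constructed assumptions; the point is that neither source alone reaches the failure threshold, while the normalized stream does.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events from two sources with different native formats.
SSHD = [
    "2024-05-01T10:00:01Z db01 sshd[811]: Failed password for alice from 203.0.113.7 port 4022 ssh2",
    "2024-05-01T10:00:09Z db01 sshd[811]: Failed password for alice from 203.0.113.7 port 4023 ssh2",
    "2024-05-01T10:05:00Z web02 sshd[402]: Accepted password for bob from 198.51.100.4 port 5100 ssh2",
]
VPN = [
    "time=2024-05-01T10:00:20Z gw=vpn01 user=alice src=203.0.113.7 result=fail",
    "time=2024-05-01T10:00:41Z gw=vpn01 user=alice src=203.0.113.7 result=success",
]
# Constructed context about users and assets, joined onto every event.
USERS = {"alice": {"privileged": True}, "bob": {"privileged": False}}
ASSETS = {"db01": {"criticality": "high"}, "vpn01": {"criticality": "high"}, "web02": {"criticality": "low"}}
SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def normalize_sshd(line):
    ts, host, verb, user, ip = SSHD_RE.match(line).groups()
    return {"ts": parse_ts(ts), "source": "sshd", "host": host, "user": user,
            "src_ip": ip, "outcome": "failure" if verb == "Failed" else "success"}

def normalize_vpn(line):
    kv = dict(field.split("=", 1) for field in line.split())
    return {"ts": parse_ts(kv["time"]), "source": "vpn", "host": kv["gw"], "user": kv["user"],
            "src_ip": kv["src"], "outcome": "failure" if kv["result"] == "fail" else "success"}

def enrich(ev):
    return {**ev, **USERS.get(ev["user"], {}), **ASSETS.get(ev["host"], {})}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures precede a success for one user+IP within the window."""
    alerts, failures = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src_ip"])
        recent = [f for f in failures.get(key, []) if ev["ts"] - f["ts"] <= window]
        failures[key] = recent + [ev] if ev["outcome"] == "failure" else []
        if ev["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({"user": ev["user"], "src_ip": ev["src_ip"], "failures": len(recent),
                           "sources": sorted({f["source"] for f in recent} | {ev["source"]}),
                           "privileged": ev.get("privileged", False), "criticality": ev.get("criticality")})
    return alerts

def run():
    return correlate([enrich(normalize_sshd(l)) for l in SSHD] + [enrich(normalize_vpn(l)) for l in VPN])
```

Calling `run()` returns a single alert for the constructed user `alice`, carrying the user and asset context that a per-source rule would not have.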