I think it is exactly what you have both said: it's "checkbox compliance" as well as just an archive to go back to later. The folks that I talk to here just don't seem to see the potential power once you do the massaging and tweaking to get a SIEM firing on all cylinders. To me SIEM is all of the following: log management, IPS, IDS, compliance, operational monitoring intelligence, etc. SIEM should be at the core of both your security architecture and your monitoring architecture; it's just as important as your anti-virus, patching, and NMS systems but somehow people don't see that.