Thursday, August 30, 2007

Still, I Stick to It or 'SIEM vs Log Management'

Even though I did talk about it at length before (e.g. here), this article reminded me to remind you :-) I think Forrester folks are a bit optimistic. Think about it: if you have logs - you need log management. If you are ... if you have ... ehhh, well - when do you need a SIEM?

A long time ago, in my previous life, somebody came to me and said "I want everybody to need SIEM, our SIEM! Make it happen" (well, not exactly these words, but you get the idea). I thought about it long and hard and you know what? - even back then it occurred to me that SIEM is not for everyone. Log management, on the other hand, is for everyone who has logs (well, more than a trivial amount of them ...)

Dr Anton Chuvakin