Glossary term
SIEM (Security Information and Event Management)
Also: Log management platform, Security analytics platform
A platform that centralises security logs, enables long-term retention, runs correlation rules and supports investigation. SIEM is the evidence layer under EDR, XDR and SOC operations and the single largest line item in most security budgets.
SIEM has been through multiple generations (on-prem appliance, cloud-native analytics, data-lake-based). The choice today is rarely between SIEM vendors; it is between architectures: SIEM as primary analytics, SIEM as compliance log store, or no-SIEM with data-lake plus separate analytics.
The decision is expensive to reverse. Log retention, detection content and analyst workflows are deeply coupled to the chosen platform. Exit cost and data portability should be dealbreakers rather than weighted criteria.
Under DORA and NIS2, SIEM serves as evidence that incident detection and reporting timelines are actually met. A SIEM without tested use cases and runbooks is a compliance cost, not a control. The decision memo should include the operational readiness evidence, not just the product choice.
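As an added illustration, not from this glossary or any particular product, of what "tested use cases" and evidence of detection timelines can look like in practice: a small correlation rule run over constructed authentication events, with a readiness check that records whether the rule fired and how quickly. The rule, the field names and the thresholds are assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from any real system): one source produces
# repeated failures followed by a success; another produces a single failure.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T08:00:00", "src": "10.0.0.5", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-01T08:00:20", "src": "10.0.0.5", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-01T08:00:40", "src": "10.0.0.5", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-01T08:01:10", "src": "10.0.0.5", "user": "alice", "outcome": "success"},
    {"ts": "2024-01-01T08:05:00", "src": "10.0.0.9", "user": "bob", "outcome": "failure"},
    {"ts": "2024-01-01T08:09:00", "src": "10.0.0.9", "user": "bob", "outcome": "success"},
]


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Hypothetical correlation rule: alert when one source records at least
    `threshold` failures and then a success inside `window`. Each alert keeps
    the first failure and the event that completed the pattern."""
    failures = {}  # src -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        recent = [t for t in failures.get(e["src"], []) if ts - t <= window]
        if e["outcome"] == "failure":
            recent.append(ts)
            failures[e["src"]] = recent
        elif len(recent) >= threshold:
            alerts.append({"src": e["src"], "user": e["user"],
                           "first_failure": min(recent), "detected_at": ts})
            failures[e["src"]] = []  # pattern consumed; start counting afresh
    return alerts


def readiness_evidence(events, sla=timedelta(minutes=15)):
    """Evidence record for a decision memo: did the use case fire on its
    test data, and was the pattern detected within the agreed timeline?"""
    alerts = correlate(events)
    latencies = [a["detected_at"] - a["first_failure"] for a in alerts]
    return {
        "alerts": len(alerts),
        "max_latency_s": max((l.total_seconds() for l in latencies), default=None),
        "within_sla": bool(alerts) and all(l <= sla for l in latencies),
    }
```

Run against the sample, the rule fires once (for 10.0.0.5, 70 seconds after the first failure) and not for the single failure from 10.0.0.9; a use case that cannot produce such a record on demand has not been tested.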
Related terms
EDR (Endpoint Detection and Response)
A class of endpoint security tools that continuously records endpoint activity and enables detection…
XDR (Extended Detection and Response)
A security platform that unifies telemetry across endpoint, network, identity, email and cloud, corr…
MDR (Managed Detection and Response)
A service that provides outsourced 24/7 monitoring, detection and response on top of an EDR or XDR p…
