
What is Security Information and Event Management (SIEM)?

A platform that collects log data from across your environment and runs detection rules over it to find security events.

Security Information and Event Management (SIEM) systems collect logs and other telemetry from servers, network devices, applications, and security tools, then run detection rules and analytics across that data. SIEM is the layer that lets a SOC ask questions like "did this account log in from somewhere unusual today?" or "did anyone download a large amount of data in the last hour?". Modern SIEM platforms have become increasingly integrated with detection-and-response workflows, blurring the line with extended detection and response (XDR).
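The two questions above, written as detection rules over a handful of normalized events. This is an added example, not code from this page or from any SIEM product; the event fields, the per-account country baseline, and the 1 GB per hour threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, already-normalized events (a real SIEM parses these from raw logs).
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "action": "login", "country": "US"},
    {"ts": "2024-05-01T09:05:00", "user": "bob", "action": "login", "country": "DE"},
    {"ts": "2024-05-01T09:10:00", "user": "bob", "action": "download", "bytes": 400_000_000},
    {"ts": "2024-05-01T09:40:00", "user": "bob", "action": "download", "bytes": 700_000_000},
    {"ts": "2024-05-01T11:30:00", "user": "bob", "action": "download", "bytes": 500_000_000},
    {"ts": "2024-05-01T12:00:00", "user": "alice", "action": "login", "country": "BR"},
]
# Assumed baseline: countries each account has logged in from before.
BASELINE = {"alice": {"US"}, "bob": {"DE"}}

def unusual_logins(events, baseline):
    """Flag logins from a country not in the account's baseline.
    An account with no baseline at all is flagged on every login."""
    return [(e["user"], e["country"], e["ts"]) for e in events
            if e["action"] == "login"
            and e["country"] not in baseline.get(e["user"], set())]

def large_downloads(events, limit_bytes=1_000_000_000, window=timedelta(hours=1)):
    """Flag users whose downloads inside a sliding window exceed limit_bytes."""
    recent = defaultdict(deque)  # user -> (time, bytes) entries still in the window
    alerts = []
    # Logs arrive out of order from different sources, so sort by timestamp first.
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] != "download":
            continue
        now = datetime.fromisoformat(e["ts"])
        q = recent[e["user"]]
        q.append((now, e["bytes"]))
        while now - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        total = sum(b for _, b in q)
        if total > limit_bytes:
            alerts.append((e["user"], total, e["ts"]))
    return alerts

if __name__ == "__main__":
    print(unusual_logins(EVENTS, BASELINE))
    print(large_downloads(EVENTS))
```

Bob's 09:10 and 09:40 downloads trip the volume rule together, while his 11:30 download does not because the earlier transfers have aged out of the one-hour window.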
