To provide user authentication

To record events for future analysis

To filter network traffic

To encrypt sensitive data

Developing secure code

Managing passwords

Collecting and analyzing security-related data

Creating virtual private networks

Technical vulnerabilities

Physical security breaches

Human psychology

Network misconfigurations

Store logs in an unencrypted format

Only review logs when a breach is detected

Centralized log collection

Discard logs after a short period

SIEM can predict future attacks

SIEM provides real-time analysis

Traditional log management uses encryption

Traditional log management is not used anymore

Following someone closely through a controlled access point

Infecting a system with malware

Intercepting network traffic

Cracking passwords

Keeping them publicly accessible

Regularly changing log file names

Implementing access controls

Storing them on every user’s desktop