The old adage is that knowledge is power, and this might be true. But data is not knowledge. There is no question that if you take the time to process data, absorb it and even visualise it, then over time it really will become powerful. But is that what you need in your organisation today?
If you’re managing IT infrastructure or looking to protect sensitive information, it’s much more likely that your concern is being able to quickly identify problems, unusual activity or the source of a breach. Is that really what SIEM products are helping you to do? Maybe in some ways: centralising event logs and information into one place can’t be a bad thing. But in the event that this data needs to be audited, it’s not so useful if only the person who’s had six months of training can go to that system and know what to look for. For us mere mortals it can be like trying to take a drink from a fire hydrant.
When looking for ways to prevent breaches or understand how they happened, event logging is only part of the story. Visibility could be the missing clue you need to solve the puzzle: to actually SEE a user’s actions, in real time or as recorded logs and video. This means that sometimes, rather than having to read the book, we can watch the movie!
You can take a look at how Wallix delivers session monitoring for privileged users in real-time as well as logging and recording here.