All organizations have taken measures to limit the risks surrounding information security. Firewalls and antivirus software are installed, access rules are introduced, servers and applications are 'hardened,' etc.
Although each security measure provides a certain amount of control, the diversity of the measures and the amount of log information that each solution can generate can make it impossible to assess all of this information in combination as it relates to security risks.
A system that collects log information from various components of the infrastructure (aggregation) and also associates incidents with each other (correlation) offers many advantages. These systems fall under the heading of Security Information and Event Management.