White paper

Content Aware SIEM™ defined

ITSM, Strategic Sourcing
Participating Company: NitroSecurity
Participating Analyst: Anton Chuvakin

Content Aware SIEM™ (CA-SIEM) represents a new generation of Security Information and Event Management (SIEM) capabilities that extend the value and benefits of SIEM by providing visibility into the contents of applications, documents and protocols. Without content awareness, a SIEM is only able to act upon the surface details provided by logs. This limits the effectiveness of key SIEM functionalities — including threat detection, incident response, and compliance reporting — because the data being used for analysis lacks sufficient context to make informed, relevant decisions.

As a result, SIEM systems have started to evolve: context information from add-on systems such as Identity Management, Vulnerability Assessment, Configuration Management systems, and others has been used to enhance the security events collected and correlated by the SIEM. While these systems provide a great deal of value to SIEM, the events themselves are still myopic, limited to the summary data provided by the source log files.