Abstract
This paper will analyze and justify the utilization of a security information and event management (SIEM) software. SIEM software is software that provides real-time monitoring of events, correlation of audit logs and notification of incidents to appropriate personnel. Large enterprises would benefit greatly from procuring SIEM software as it saves resources while researching potential incidents due to the correlation assembled by the SIEM. Conducting all the actions required to respond to an incident or actively monitor possible intrusions would require several full time employees in large organizations. This can be easily accomplished with the right SIEM software. By procuring a SIEM software, although expensive, it is a worthwhile investment in the defense of an enterprise network and fully justifiable if all duties were done manually. In addition, it meets regulatory compliance requirements such as Sarbanes-Oxley, Risk Management Framework or Health Information Accountability and Portability Act. It also assists in the identification and post-incident event management to implement lessons learned.