As more and more companies deploy Security Information and Event Management (SIEM) systems, IT and security personnel often ask what the difference is between CimTrak and the leading SIEM providers.
Impact: When the threat actor made changes to the hosts file, there were no built-in Windows events that could be sent to a SIEM to alert on this action, and no ability to roll back or compare the change.
Impact: When the threat actor deleted important spreadsheets from the network drive hosted on the SAN server, no built-in FIM exists on the SAN to send alerts about this to a SIEM.
Impact: When the threat actor modifies stored procedures or other schema or configuration objects in MSSQL, these changes are not reported to a SIEM.
Impact: When the threat actor adds a zero-day attack file, no AV will alert your SIEM to it, because the file is not yet considered a threat or "known".
NOTE: A SIEM does not generate or create log data; it only collects logs from external sources such as CimTrak, which detects changes and reports the forensic details to the SIEM.
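As an added illustration (not CimTrak's code) of the detect, compare and roll-back loop the note describes, the snippet below baselines a set of files, turns later differences into JSON-serialisable change events that a SIEM could ingest, and restores a modified file from the baseline. The temp directory, file names, the `203.0.113.5 update.example.com` hosts entry and the file contents are all constructed for the demo.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def snapshot(paths):
    """Baseline: sha256 and raw bytes per monitored path (None when the path is absent)."""
    snap = {}
    for p in map(Path, paths):
        data = p.read_bytes() if p.exists() else None
        snap[str(p)] = None if data is None else {"sha256": hashlib.sha256(data).hexdigest(), "data": data}
    return snap

def compare(baseline, current):
    """Diff two snapshots into change events, the log data a SIEM cannot produce on its own."""
    events = []
    for path, before in baseline.items():
        after = current.get(path)
        if before is None and after is not None:
            events.append({"path": path, "change": "added", "new_sha256": after["sha256"]})
        elif before is not None and after is None:
            events.append({"path": path, "change": "deleted", "old_sha256": before["sha256"]})
        elif before and after and before["sha256"] != after["sha256"]:
            old = set(before["data"].decode("utf-8", "replace").splitlines())
            new = set(after["data"].decode("utf-8", "replace").splitlines())
            events.append({"path": path, "change": "modified",
                           "old_sha256": before["sha256"], "new_sha256": after["sha256"],
                           "lines_added": sorted(new - old), "lines_removed": sorted(old - new)})
    return events

def restore(baseline, path):
    """Roll a modified file back to its baselined bytes."""
    Path(path).write_bytes(baseline[path]["data"])

def demo():
    """Constructed scenario in a temp dir: hosts edit, spreadsheet deletion, unknown new file."""
    with tempfile.TemporaryDirectory() as d:
        hosts, sheet, dropped = (os.path.join(d, n) for n in ("hosts", "budget.xlsx", "dropper.exe"))
        Path(hosts).write_text("127.0.0.1 localhost\n")
        Path(sheet).write_bytes(b"constructed spreadsheet")
        base = snapshot([hosts, sheet, dropped])  # dropper.exe does not exist at baseline time
        Path(hosts).write_text("127.0.0.1 localhost\n203.0.113.5 update.example.com\n")
        os.remove(sheet)
        Path(dropped).write_bytes(b"constructed unknown binary")
        events = compare(base, snapshot([hosts, sheet, dropped]))
        restore(base, hosts)  # hosts file rolled back to its baselined content
        return {os.path.basename(e["path"]): e for e in events}, Path(hosts).read_text()

if __name__ == "__main__":
    print("\n".join(json.dumps(e) for e in demo()[0].values()))  # one forwardable line per change
```

Each printed line is the record a log forwarder would ship to the SIEM; the `lines_added` and `lines_removed` fields carry the comparison the text says a SIEM alone cannot provide.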