Consultant at a tech services company with 11-50 employees
Reseller
2020-05-27T12:39:12Z
May 27, 2020
CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get the most value from those logs. Also note that many of the logs that get fed into CloudWatch could also be fed directly to a SIEM via other means like syslog or agents, so you should consider what requirements you need to fulfill and where you'll get the best value for your money.
Search for a product comparison in Security Information and Event Management (SIEM)
Security is changing, they finding always new possibilities to break in. AWS Cloudwatch is more monitoring and log analytics tool, while a SIEM is more a security tool. So yes if your business is important an can not have a long downtime. The combination is better.
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: January 2025.
Security Information and Event Management (SIEM) tools offer comprehensive visibility and management of an organization’s security events through real-time analysis and correlation of data from multiple sources.
SIEM solutions provide a centralized platform for managing security alerts and logs from various sources such as network devices, servers, and applications. They help identify and mitigate potential threats by analyzing event data for unusual patterns and correlations. These tools...
CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get the most value from those logs. Also note that many of the logs that get fed into CloudWatch could also be fed directly to a SIEM via other means like syslog or agents, so you should consider what requirements you need to fulfill and where you'll get the best value for your money.
Security is changing, they finding always new possibilities to break in. AWS Cloudwatch is more monitoring and log analytics tool, while a SIEM is more a security tool. So yes if your business is important an can not have a long downtime. The combination is better.