SIEM / IDS / IPS
What is a SIEM?
A Security Information and Event Management (SIEM) tool allows organizations to keep track of security-relevant activity across their networks.
SIEM solutions typically work by ingesting logs from many sources, from firewalls, routers and switches to endpoints (e.g. workstations, laptops, mobile devices) and security software (e.g. anti-virus and internet gateway security). The tool then processes these logs in real time and generates events (alarms) whenever log entries match its rules.
Security analysts who monitor the SIEM then triage the incoming alarms to confirm whether they are genuine incidents, escalate them appropriately, or take the proper measures to respond to them and to any related events.
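To make the "logs in, rule-based events out" pipeline concrete, here is an added example (not code from the original page or from any SIEM product). It parses a few constructed syslog-style SSH authentication lines, normalises them into events, and applies two assumed correlation rules: a brute-force rule that fires when a configurable number of failed logins for one source/user pair occur inside a sliding window, and a higher-severity rule that fires when a successful login follows such a burst. The log format, thresholds, rule names and severities are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like format (not captured from a real system).
# The last line is deliberately malformed to show that the parser skips noise.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z fw01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:04Z fw01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:09Z fw01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:12Z fw01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:15Z fw01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:20Z fw01 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:05:00Z ws17 sshd: Failed password for alice from 192.0.2.9
2024-05-01T10:30:00Z ws17 sshd: Failed password for alice from 192.0.2.9
this line does not match the expected format and is ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Ingest step: normalise raw log lines into event dicts.

    Lines that do not match the expected format are skipped rather than
    aborting the whole batch, which is how a real collector has to behave.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def evaluate_rules(events, threshold=5, window=timedelta(minutes=1)):
    """Correlation step: apply two assumed rules and return the alarms raised.

    Rule 1 (medium): at least `threshold` failed logins for one (source, user)
                     pair inside the sliding `window` -> possible brute force.
    Rule 2 (high):   a successful login for that pair while the burst is still
                     inside the window -> the brute force may have succeeded.
    """
    alarms = []
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures

    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        # Drop failures that have aged out of the sliding window.
        failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]

        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            # The count grows by exactly one per event, so '==' fires once per burst.
            if len(failures[key]) == threshold:
                alarms.append({"rule": "ssh_brute_force", "severity": "medium",
                               "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
        else:  # Accepted
            if len(failures[key]) >= threshold:
                alarms.append({"rule": "ssh_success_after_brute_force", "severity": "high",
                               "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
            failures[key].clear()  # a success ends the burst for this pair
    return alarms


if __name__ == "__main__":
    for alarm in evaluate_rules(parse_events(SAMPLE_LOGS)):
        print(f"[{alarm['severity'].upper()}] {alarm['rule']} "
              f"src={alarm['src']} user={alarm['user']} at {alarm['ts']:%H:%M:%S}")
```

Run against the constructed lines, the admin burst from 203.0.113.7 raises the medium alarm on the fifth failure and the high alarm on the following success, while alice's two failures 25 minutes apart never reach the threshold inside the window and stay silent. That second case is the point of the sliding window: without it, slow drips of failures over a day would accumulate into false positives that an analyst then has to triage.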
IDS & IPS
Nowadays, most of the top SIEM solutions on the market have IDS/IPS capabilities built in.
An Intrusion Detection System (IDS) is the component of a network security solution that performs the network monitoring: it watches traffic and raises alerts, but does not itself intervene. You can think of it as the perimeter guards on the watch towers.
An Intrusion Prevention System (IPS) monitors network traffic and raises alerts like an IDS, but also takes reactive measures automatically to stop attacks from succeeding.
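The difference between the two is easiest to see with the same signature engine run in both modes, so here is an added example (not code from the original page or from any IDS/IPS product). A small `InlineInspector` class matches constructed regex signatures against constructed HTTP payloads; in IDS mode every packet is forwarded and a match only produces an alert, while in IPS mode a matching packet is dropped as well as alerted. The signatures, signature IDs, packet format and the `ids`/`ips` mode names are all assumptions for the example.

```python
import re

# Constructed detection signatures for the example (not a real vendor rule set).
SIGNATURES = [
    {"sid": 1001, "severity": "high",
     "msg": "Directory traversal pattern in HTTP request",
     "pattern": re.compile(r"\.\./\.\./")},
    {"sid": 1002, "severity": "medium",
     "msg": "SQL UNION SELECT keywords in HTTP query string",
     "pattern": re.compile(r"(?i)\bunion\b\s+\bselect\b")},
]

# Constructed sample packets: decoded HTTP request lines only, headers omitted.
SAMPLE_PACKETS = [
    {"src": "198.51.100.4", "dst": "10.0.0.5", "payload": "GET /index.html HTTP/1.1"},
    {"src": "203.0.113.9", "dst": "10.0.0.5", "payload": "GET /files?name=../../etc/passwd HTTP/1.1"},
    {"src": "203.0.113.9", "dst": "10.0.0.5", "payload": "GET /search?q=1 UNION SELECT 1 HTTP/1.1"},
]


class InlineInspector:
    """A minimal signature engine that can run as an IDS or as an IPS.

    IDS mode: every packet is forwarded; a signature match only raises an alert.
    IPS mode: a packet that matches any signature is dropped (and alerted).
    """

    def __init__(self, mode="ids", signatures=SIGNATURES):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.signatures = signatures
        self.alerts = []  # what an analyst would see in the SIEM

    def inspect(self, packet):
        """Inspect one packet and return the verdict the forwarding path should apply."""
        matches = [s for s in self.signatures if s["pattern"].search(packet["payload"])]
        for s in matches:
            self.alerts.append({"sid": s["sid"], "msg": s["msg"], "severity": s["severity"],
                                "src": packet["src"], "dst": packet["dst"], "mode": self.mode})
        if not matches:
            action = "pass"
        elif self.mode == "ids":
            action = "alert"   # observed and logged, but still delivered
        else:
            action = "drop"    # the reactive measure only an IPS takes
        return {"action": action,
                "forwarded": action != "drop",
                "sids": [s["sid"] for s in matches]}

    def run(self, packets):
        """Inspect a packet stream and return a count per verdict."""
        counts = {"pass": 0, "alert": 0, "drop": 0}
        for p in packets:
            counts[self.inspect(p)["action"]] += 1
        return counts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        engine = InlineInspector(mode)
        print(mode.upper(), engine.run(SAMPLE_PACKETS))
        for a in engine.alerts:
            print(f"  sid={a['sid']} {a['severity']}: {a['msg']} ({a['src']} -> {a['dst']})")
```

Both modes produce identical alerts for the two matching packets; only the `forwarded` field differs. That is also why the distinction matters operationally: a false positive in IDS mode costs an analyst a few minutes of triage, whereas the same false positive in IPS mode blocks legitimate traffic, so new signatures are commonly tuned in detect-only mode before being switched to prevention.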