What the heck is security event management, anyway?

December 12th, 2004 | No Comments | Posted in General Technologies

Techworld has an article on this topic. Unfortunately, Larry Lunetta made it sound like the whole SEM space is about IDS alerts reduction. It would be really sad if that’s all SEM products do.

I think SEM is probably the wrong name for this space anyway. Most of the vendors mentioned in the article are pure SEM players in the sense that they only do security events. But there’s a lot more to log management than just security.

Most people who go through logs use them for

  • network/system troubleshooting
  • fault isolation
  • utilization tracking
  • availability detection
  • performance tracking

Security is obviously an important use of logs, but logs tell you a lot more than just security.

What better way to tell whether your pair of PIX firewalls has failed over than to look for

  • %PIX-1-104001: (Primary) Switching to ACTIVE (cause: string).
  • %PIX-1-104002: (Primary) Switching to STNDBY (cause: string).
  • %PIX-1-104003: (Primary) Switching to FAILED.

This will tell you exactly when the switch happened. Then you can perform a search for logs that are around this time frame and determine the exact root cause.
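As an added example (not code from the original post), the following Python script does exactly what the paragraph above describes: it scans syslog text for the three `%PIX-1-10400x` failover messages, records when each switch happened and why, and then pulls every log line from a window around that timestamp so the root cause can be read in context. The log lines are constructed for this example; the hostnames, timestamps and causes are invented, and the `%PIX-6-302013` connection lines are only there as routine filler around the failover events. Syslog timestamps carry no year, so the year is passed in as a parameter.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (hostnames, times and causes are invented).
# The %PIX-1-104001/104002/104003 messages are the failover messages discussed
# in the post; the %PIX-6-302013 lines are routine connection noise for context.
SAMPLE_LOG = """\
Dec 12 03:14:10 pix-primary %PIX-6-302013: Built outbound TCP connection 1234 for outside:10.0.0.5/443
Dec 12 03:14:12 pix-primary %PIX-6-302013: Built outbound TCP connection 1235 for outside:10.0.0.6/443
Dec 12 03:14:15 pix-secondary %PIX-1-104001: (Secondary) Switching to ACTIVE (cause: no response from other unit).
Dec 12 03:14:15 pix-primary %PIX-1-104003: (Primary) Switching to FAILED.
Dec 12 03:14:20 pix-secondary %PIX-6-302013: Built outbound TCP connection 1236 for outside:10.0.0.5/443
Dec 12 03:20:00 pix-primary %PIX-1-104002: (Primary) Switching to STNDBY (cause: switch command).
Dec 12 03:45:00 pix-secondary %PIX-6-302013: Built outbound TCP connection 1300 for outside:10.0.0.9/80
"""

# Leading syslog timestamp, e.g. "Dec 12 03:14:15" (no year in classic syslog).
TS_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# The three PIX failover state-change messages; "cause" is optional because
# 104003 (Switching to FAILED) carries none.
FAILOVER_RE = re.compile(
    r"%PIX-1-(?P<msgid>10400[123]): \((?P<unit>Primary|Secondary)\) "
    r"Switching to (?P<state>ACTIVE|STNDBY|FAILED)(?: \(cause: (?P<cause>[^)]*)\))?"
)


def parse_ts(text: str, year: int) -> datetime:
    """Turn a syslog timestamp into a datetime, supplying the missing year."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def find_failover_events(log_text: str, year: int = 2004) -> list:
    """Return one dict per PIX failover message, in log order."""
    events = []
    for line in log_text.splitlines():
        head = TS_RE.match(line)
        if not head:
            continue  # not a syslog line we understand; skip it
        fo = FAILOVER_RE.search(head.group("msg"))
        if not fo:
            continue
        events.append({
            "time": parse_ts(head.group("ts"), year),
            "host": head.group("host"),
            "msgid": fo.group("msgid"),
            "unit": fo.group("unit"),
            "state": fo.group("state"),
            "cause": fo.group("cause"),  # None for "Switching to FAILED"
        })
    return events


def context_window(log_text: str, center: datetime,
                   before: timedelta = timedelta(seconds=30),
                   after: timedelta = timedelta(seconds=30),
                   year: int = 2004) -> list:
    """All log lines whose timestamp falls within [center-before, center+after]."""
    start, end = center - before, center + after
    selected = []
    for line in log_text.splitlines():
        head = TS_RE.match(line)
        if head and start <= parse_ts(head.group("ts"), year) <= end:
            selected.append(line)
    return selected


if __name__ == "__main__":
    for ev in find_failover_events(SAMPLE_LOG):
        print(f"{ev['time']} {ev['host']}: {ev['unit']} -> {ev['state']} (cause: {ev['cause']})")
        for ctx in context_window(SAMPLE_LOG, ev["time"], timedelta(seconds=10), timedelta(seconds=10)):
            print("   ", ctx)
```

The window size is a judgement call: a few seconds either side is enough to see the peer's last messages before the switch, while a wider window catches the interface or keepalive problems that preceded it. Because the script keys on the message IDs rather than the free-text cause, it keeps working when the cause string changes between events.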

This is definitely NOT “security event management”. So I think IDC/Gartner should come up w/ a new term for the log management space. :)
