What is Event Correlation?

Event correlation is the ability to take seemingly disparate, unrelated events and, when analyzed together, make up a concerted attack. Most IDP devices support summarization and can be integrated into an event correlation system. These niche event correlation products are known as security information management (SIM) products. The benefit of event correlation is simplification of events and also the ability to digest large quantities of information (such as error logs). Normalizing and summarizing allows staff to review and analyze more attacks in a given time period. Also, staff can take multiple events and perform trend analysis.