“We are what we repeatedly do” is a common paraphrase of Aristotle—though if he were around today, his sentiment might be more like “we are what we search, click, or connect to.” As security professionals well know, there’s a lot to learn from how we use technology. The interactions between users, applications, networks, devices, and APIs all provide useful security information, and by collecting and analyzing this data, companies can identify threats and respond proactively.

The problem? These interactions add up quickly. And, while every data point is valuable, the sheer amount of data that companies need to collect and analyze can be overwhelming. On the flip side, it may not be the individual data points that are interesting, but the combined trends or general direction of the data that hold the insight. This is where security information and event management (SIEM) solutions come in.

How do SIEM tools work? The core functions.