Traditional IT security defences have been built using point security products. These are good for protecting against specific threats; for example firewalls limit access to networks, anti-virus software detects malware on given devices and encryption protects stored data. However, cyber security threats have now emerged that can only be detected by correlating information from a wide range of sources, including point security products themselves. Most organisations already have much of the required data to achieve this but not the tools needed to process it. This has led to the emergence of next generation SIEM (security information and event management) tools.