From October 18, many companies will be obliged to register themselves with the authorities as part of the new NIS2 directive. But what exactly does NIS2 mean and how does it relate to SIEM? In this blog, you will find out what the NIS2 directive requires and what measures need to be implemented. At the end you will find a practical NIS2 directive self-test that you can use to check whether your company could be affected by the NIS2 directive.
What is the NIS2 Directive?
The NIS2 Directive is intended to improve cyber security in the EU and affects many companies – both directly and indirectly, as the supply chains of the affected sectors must also be protected. Above all, the EU’s strict requirements demand a response time to cyber security incidents that most companies cannot meet without preparation. You can find the directive on the EU website here. Since July 24, 2024, this EU-wide directive has also been enshrined in German national law. Which aspects of the NIS2 Directive pose the greatest challenges in terms of implementation? In our opinion, they are the following:
You are only as good as your tools. To meet the demanding requirements, we believe you need a new tool that can handle the load. This is exactly where SIEM comes into play.
What is SIEM?
SIEM stands for Security Information and Event Management. A SIEM system provides a comprehensive overview of your company’s IT security. It collects and analyzes security data from various sources such as ERP systems, cloud services and IoT devices (e.g. smart TVs, cameras, etc.). By monitoring login attempts, system changes and other security-related events, the SIEM system detects suspicious behavior. In the event of anomalies, alarms are triggered and detailed logs are created to quickly identify and resolve threats.
What makes a SIEM system so powerful is its ability to harmonize log files from different sources. As a result, it provides a comprehensive overview of all activities in the network at a glance, even in large and complex IT environments that would otherwise be difficult to analyze.
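To make the harmonization step concrete, here is an added example (not code from this blog or from any SIEM product) that normalizes login events from two differently formatted sources into one schema and raises an alert on repeated failed logins. The log lines, field names and the threshold of 3 failures within 5 minutes are constructed assumptions for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in two different source formats (not real logs).
SSHD_LINES = [
    "2024-10-18T08:00:01+00:00 host1 sshd[311]: Failed password for alice from 203.0.113.7 port 50122 ssh2",
    "2024-10-18T08:00:20+00:00 host1 sshd[311]: Failed password for alice from 203.0.113.7 port 50124 ssh2",
    "2024-10-18T08:03:00+00:00 host1 sshd[311]: Accepted password for bob from 198.51.100.4 port 40000 ssh2",
]
CLOUD_JSON = [
    '{"time": "2024-10-18T08:00:40Z", "user": "alice", "ip": "203.0.113.7", "result": "failure"}',
    '{"time": "2024-10-18T08:30:00Z", "user": "alice", "ip": "203.0.113.7", "result": "failure"}',
]
SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize_sshd(line):
    """Map a syslog-style sshd line onto the common schema."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # unparsable lines are skipped, not guessed at
    ts, verdict, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts), "user": user, "src_ip": ip,
            "outcome": "failure" if verdict == "Failed" else "success", "source": "sshd"}

def normalize_cloud(raw):
    """Map a JSON cloud sign-in record (hypothetical field names) onto the same schema."""
    e = json.loads(raw)
    ts = datetime.fromisoformat(e["time"].replace("Z", "+00:00"))
    return {"ts": ts, "user": e["user"], "src_ip": e["ip"], "outcome": e["result"], "source": "cloud"}

def detect_failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP has >= threshold failures inside the window, across all sources."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] == "failure":
            by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, fails in by_ip.items():
        for i in range(len(fails) - threshold + 1):
            burst = fails[i:i + threshold]
            if burst[-1]["ts"] - burst[0]["ts"] <= window:
                alerts.append({"src_ip": ip, "first": burst[0]["ts"],
                               "sources": sorted({e["source"] for e in burst})})
                break  # one alert per IP is enough for this example
    return alerts

def run_example():
    events = [e for e in map(normalize_sshd, SSHD_LINES) if e]
    events += [normalize_cloud(r) for r in CLOUD_JSON]
    return detect_failed_login_bursts(events)
```

Neither source on its own reaches the threshold in this sample; the alert only appears once both are merged into one timeline, which is the benefit of harmonized logs described above.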
NIS2 and SIEM – The Perfect Pair

A SIEM system is essential to meeting the requirements of the NIS2 directive because it provides several core functions that are critical to compliance. Here are the main reasons:
Which SIEM System?
The market is virtually flooded with providers of SIEM software. So which provider can you trust? As is so often the case, it’s a matter of taste. We are happy to introduce you to 3 providers and have drawn up a comparison for you.
| | ManageEngine Log360 | Microsoft Sentinel | Splunk |
|---|---|---|---|
| Implementation | Cloud and on-premise | Cloud-native (Azure) | Cloud and on-premise |
| Data Sources | Broad support, incl. AD | Integrated with Azure services and other data sources | Broad support for different data sources |
| Scalability | Suitable for SMEs, limited scalability | Highly scalable, particularly suitable for Azure users | Very high scalability, suitable for large companies |
| Analysis and visualization | Detailed reports and dashboards, but limited | Powerful visualizations | Comprehensive analysis functions, powerful dashboards |
| Machine learning | Basic threat detection and analytics | AI-driven threat detection and automation | Advanced machine learning models for anomaly detection |
| Real-time monitoring | Yes | Yes, AI supported | Yes |
| Compliance | Templates and reports for compliance | Integrates compliance management for Azure services | Provides comprehensive compliance reports |
| Automation | Basic functions | Strong automation through playbooks and integrations | Extensive automation options |
| Integration | Well integrated with ManageEngine products | Tightly integrated with Azure services and Microsoft 365 | Extensive integration options with third-party providers |
| Costs | € | €€ | €€€ |
Important note: It should be mentioned that there are many other providers in the SIEM sector and that the market landscape is currently changing very rapidly. Six months ago, Splunk was still considered the clear market leader. In the meantime, however, Microsoft Sentinel has caught up considerably thanks to numerous upgrades. Now it’s more of a neck-and-neck race. In addition, Splunk has concerns about its long-term business model, particularly due to the acquisition by Cisco, which could lead to possible changes in the license structure.