A SIEM enables the detection of incidents that would otherwise go unnoticed. Beyond notifying on and logging security events, it analyses the log entries for signs of malicious activity. By gathering and correlating events from all of the sources across the network, a SIEM can help reconstruct the sequence of events, determine the nature of the attack, and establish whether or not it succeeded.
While a SIEM cannot directly stop an attack, it can communicate with other network security controls, such as firewalls, proxies and endpoint protection, and direct them to alter their configurations so as to block the malicious activity. An organization can also choose to have its SIEM consume threat intelligence feeds from trusted external sources. If the SIEM detects any activity involving a known threat, it can alert on it and help terminate those connections or interactions, proactively preventing an attack from occurring.
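As an added illustration (not code from any particular SIEM product), the following Python sketch shows the correlation step described above: events from a firewall, an authentication log and an endpoint agent are merged by source address and time, a brute-force pattern is evaluated to decide whether the login attempt ultimately succeeded, and the source is checked against a threat intelligence feed. All log lines, addresses and the feed contents are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events from three log sources (source, timestamp, source IP, message).
RAW_EVENTS = [
    ("firewall", "2024-05-01T10:00:05Z", "203.0.113.7", "allow tcp/22"),
    ("auth",     "2024-05-01T10:00:09Z", "203.0.113.7", "failed login user=admin"),
    ("auth",     "2024-05-01T10:00:11Z", "203.0.113.7", "failed login user=admin"),
    ("auth",     "2024-05-01T10:00:12Z", "203.0.113.7", "failed login user=admin"),
    ("auth",     "2024-05-01T10:00:20Z", "203.0.113.7", "accepted login user=admin"),
    ("endpoint", "2024-05-01T10:00:25Z", "203.0.113.7", "process start /bin/bash"),
    ("auth",     "2024-05-01T10:05:00Z", "198.51.100.4", "failed login user=bob"),
]
# Constructed threat-intelligence feed (placeholder indicator, not a real IoC).
THREAT_FEED = {"203.0.113.7"}

@dataclass
class Incident:
    source_ip: str
    timeline: list          # events in time order, all sources merged
    failed_logins: int
    succeeded: bool         # an accepted login followed the failures inside the window
    known_threat: bool      # source address matched the threat feed

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def correlate(events, feed, window=timedelta(minutes=5), threshold=3):
    """Group events by source IP, reconstruct the sequence across sources and
    decide whether a repeated-failure login pattern ended in success."""
    by_ip = {}
    for src, ts, ip, msg in sorted(events, key=lambda e: parse(e[1])):
        by_ip.setdefault(ip, []).append((src, parse(ts), msg))
    incidents = []
    for ip, seq in by_ip.items():
        failures = [t for s, t, m in seq if s == "auth" and m.startswith("failed login")]
        if len(failures) < threshold:          # below the alerting threshold: no incident
            continue
        start = failures[0]
        succeeded = any(s == "auth" and m.startswith("accepted login")
                        and start <= t <= start + window for s, t, m in seq)
        incidents.append(Incident(ip, seq, len(failures), succeeded, ip in feed))
    return incidents

if __name__ == "__main__":
    for inc in correlate(RAW_EVENTS, THREAT_FEED):
        print(inc.source_ip, "succeeded" if inc.succeeded else "failed",
              "(known threat)" if inc.known_threat else "")
```

A real deployment would feed the `Incident` to the alerting pipeline and, as the text describes, hand the source address to the firewall or proxy for blocking.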