“If I pass a compliance audit, doesn’t that mean my systems are secure?” The answer is, yes as well as no. Passing an audit that says your systems are compliant to some industry standard or federally mandated law doesn’t mean they are secure, and because your systems are secure doesn’t mean you’re going to pass an audit. Security and Compliance are two different creatures that work with one another, but don’t solve the same problem.
Similarly FIM and SIEM work together to increase system security and help pass audits. In a nutshell, FIM is a service that monitors and records when critical system files are changed. SIEM services collect the logs from multiple system security mechanisms and record the logs to provide a single point of view for the overall network security.
FIM and SIEM don’t guarantee a compliant or a secure system, but, together, with other items in place, it can help.