SIEM systems are something more and more people are adopting to use with defense-in-depth, and it's a good move.
The company I work for partners with a SIEM solution provider called SocSoter, and they have these affordable units that you deploy on a network, and each has an interface in every network device you desire.
These devices come in a few flavors, a VMS and an SMA to name a couple. The SMA proactively monitors the network that it’s mirroring and allows for syslog monitoring of switches and storage appliances, including taking Windows Server Event logs. On the flip side, the VMS does proactive vulnerability scans of the network to find problems with the network/systems and provides steps on how to fix them.
These devices, when used in conjunction with directory services like Active Directory, Edge Firewalls, Next Generation AV, auditing policies, 802.1X, routing cryptography, and inline/at-rest encryption, enable the deployment of a very comprehensive defense-in-depth approach to security. 🙂