Real Time Actionable Intelligence Is Goal Of Information Security

Matt Flynn reviewed a recent moderated discussion on ESM (Enterprise Security Management) and SEM (Security Event Management). His conclusion: "The consensus seemed to be that vendors do a good job of gathering and storing logs to meet compliance requirements that mandate storage of those logs. What customers really need and want from these vendors, however, is actionable intelligence."

From the actual session he quotes Amrit Williams, CTO of BigFix, who offers a definition of the goal of information security:

"to limit the possibility of an incident from occurring... and when it does occur, to limit its impact (by identifying it quickly and responding)......what the ultimate goal of an intelligence system would be is that it's able to detect what are seemingly innocuous events and provide some actionable level of intelligence that shows that that's actually an incident occurring and you can respond to it and limit its impact on the environment - that's what they'd like to be, but they're not that."

Sounds like real-time, multi-factor, risk-based authentication to me.