The document compares risk-based correlation to rule-based correlation for network security event management. Risk-based correlation considers all available evidence across an enterprise to assess risk, while rule-based correlation relies on specific rules that require extensive ongoing maintenance. Risk-based systems are more accurate, efficient, and cost-effective as they are not constrained by rules or timing of events. The document concludes risk-based correlation is superior to rule-based correlation for network security.