SECNOLOGY: The five biggest pitfalls about SIEM that SECNOLOGY is solving
Among cybersecurity teams, we often hear phrases like "If you try this query in the SIEM, it will take weeks!" and "Security teams loathe their SIEM!"
SIEM (Security Information and Event Management), especially where it has evolved into a security analytics platform, is not what it was 5 or 10 years ago. To find out whether that is widely known or still a luxury reserved for analysts, we conducted a survey asking what people consider the biggest tales told about SIEM, and the viewpoints were… robust.
Several responses focused on the pitfalls of SIEM vendors talking about their own products (usually in marketing and sales briefs). Honestly, many of them are right. SIEMs do take effort. They also need careful planning, and much to the dismay of those who bought into the vendor hype, they have not delivered on the "single pane of glass" pledged long ago. However, many aspects of SIEM have improved dramatically over the past 10 years, even if most security marketing suggests otherwise. Let's review those 5 pitfalls.
The first pitfall: SIEM only applies to Compliance
Security analytics platforms compete first and foremost in the detection and response field, and that is the yardstick many solutions were measured against in the most recent Forrester Wave™ Security Analytics Platforms evaluation. Over the last 12 months, most solutions entering this space have been designed for security use cases, not just compliance reporting.
The second pitfall: SIEMs aren’t Scalable
Large-scale querying has long been an accepted challenge for existing SIEM solutions. When you deliberately turn security into a big data problem, you also have to find a way to solve it. Most security teams struggle to scale their SIEM because of how they approach log collection: rather than deciding per source which events and fields detection actually needs, they collect everything or nothing, and the ingestion volume drives both the licensing cost and the query times they later complain about.
Some organizations, such as the major players in financial services, genuinely need to collect massive volumes of data. There are remarkably fast solutions on the market, and significant innovation is happening in this space today to address that problem.
The third pitfall: Security Experts Hate their SIEM
Some experts love their SIEMs. And this is not just anecdotal evidence: according to a recent survey we conducted, more than 55% of respondents like or love their SIEM.
The fourth pitfall: SIEMs don’t do response orchestration
This was somewhat true a few years ago, but it is not the case today. The bottom line is that SOAR (security orchestration, automation and response) technology has been, or is being, absorbed by the big SIEM players, to the extent that most security analytics platforms now integrate automation and orchestration.
The fifth pitfall: SIEM is dying
This statement is a bit absurd and vastly exaggerated. For most large and mid-sized organizations, SIEM continues to be a key part of the security operations technology stack, and according to Forrester's latest "The State of Network Security" report, security teams under siege are expanding their SIEM use, not reducing it. At the end of the day, SIEM endures as the operating system of the security operations center, and it won't go away, despite the emergence of competitors like extended detection and response (XDR).
Are there problems with security analytics/SIEM platforms? There certainly are. This is not an implicit advocacy or defense of the shortfalls of SIEM technology. If you came to this article looking for a way to fill the gaps that SIEM has failed to fill, go over to our SECNOLOGY blogs to learn more about XDR vs SIEM & SOAR.
This blog is to say, though, that the way we perceived SIEM 10 years ago is not representative of the versatile tool that security teams employ today. Security analytics platforms have a chance to sustain their grip on this space if they concentrate on detection innovation, a distinctive user experience, and automated response and investigation.
SECNOLOGY combines SIEM + SOAR + XDR into a single security solution. When it comes to enterprise network security in 2021, you need to protect yourself first by using XDR. Join us to learn more about SECNOLOGY.