<p>Predictions about the death of <a href="https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM">SIEM</a> platforms have swirled for years, fueled by reports of alert fatigue, sky-high data costs and the shiny promises of extended detection and response (<a href="https://www.techtarget.com/searchsecurity/definition/extended-detection-and-response-XDR">XDR</a>), security data lakes and, now, <a href="https://www.techtarget.com/searchsecurity/tip/What-agentic-AI-means-for-cybersecurity">agentic AI</a>. Yet, two decades after they first emerged, SIEM technologies remain essential parts of security operations at many organizations.</p>
<p>CMI Consulting <a target="_blank" href="https://www.custommarketinsights.com/report/security-information-and-event-management-siem-market/" rel="noopener">predicted</a> that the SIEM market will grow from just over $7 billion in 2024 to nearly $18 billion in revenue by 2033, driven by increasing demand for threat detection and hunting capabilities and expanding regulatory requirements. Instead of going the way of the dinosaur, SIEM is undergoing a pivotal evolution, experts say. The question isn’t whether the concept is obsolete, but whether the implementation is mired in another era.</p>
<p>“SIEMs have been the security tool that people love to hate,” said Andrew Braunberg, an analyst with Omdia, a division of Informa TechTarget. “And while it is true that they can be complex and costly to operate, Omdia continues to forecast steady growth for the market.”</p>
<section class="section main-article-chapter" data-menu-title="The evolution of SIEM">
<h2 class="section-title"><i class="icon" data-icon="1"></i>The evolution of SIEM</h2>
<p>A technology that once offered little more than centralized log collection and rule correlation has dramatically transformed in response to both critics and the evolving threat landscape. Early SIEM deployments earned a reputation for generating overwhelming volumes of false positives, requiring armies of analysts to <a href="https://www.techtarget.com/searchsecurity/tip/How-to-reduce-false-positive-alerts-and-increase-cybersecurity">sift through alerts</a> and imposing crushing costs on enterprises.</p>
<p>Those issues with SIEM — real and perceived — have driven substantial maturation. “Today’s [next-generation] SIEMs include advanced analytics such as user and entity behavior analytics, better integration with threat intelligence, and SOAR [security orchestration, automation and response] capabilities delivered on cloud-native architectures,” Braunberg said.</p>
<p>Jason Soroko, a senior fellow at Sectigo, shared Braunberg’s outlook on SIEM. The technology has had its share of problems, a lot of which have colored people’s take on its future, he said. Initially, SIEMs were built as log-centric compliance tools that relied on static correlation rules and monolithic architectures, leaving them ill-equipped to analyze massive cloud data volumes, detect sophisticated real-time attacks or <a href="https://www.techtarget.com/searchsecurity/tip/Incident-response-automation-What-it-is-and-how-it-works">automate threat response</a>.</p>
<p>In addition, many platforms charged based on data volume and used rigid data formats that struggled to handle the detailed information needed to detect modern attacks, such as user behavior patterns, cloud application activity and workload data. Organizations often faced the impossible choice of either feeding their SIEM platforms the rich security data they needed, then watching costs skyrocket, or restricting the data flow and missing critical threats.</p>
<p>“Some of this is inherent to the original design, which optimized for centralized log storage, compliance and basic reporting rather than real-time cross-domain analytics,” Soroko said. “Some [of it] is an implementation problem where organizations underinvest in content engineering, use-case design and automation.”</p>
</section>
<section class="section main-article-chapter" data-menu-title="Why organizations won’t abandon SIEM">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Why organizations won’t abandon SIEM</h2>
<p>Newer platforms, such as XDR and <a href="https://www.techtarget.com/searchsecurity/feature/How-AI-threat-detection-is-transforming-enterprise-cybersecurity">AI-driven detection</a>, focus on high-quality telemetry, built-in detections mapped to <a href="https://www.techtarget.com/searchsecurity/tip/Mitre-ATTCK-framework-use-cases">frameworks like Mitre ATT&amp;CK</a>, behavioral and anomaly analytics, and native automated response. These platforms are better than SIEM in many ways, especially when i