In the face of today’s cyber threats, no organization can claim it does not have a need for a centralized, coordinated view of their security posture and the ability to respond to threats and incidents.
For this reason, large organizations are setting up or expanding their Security Operations Centres (SOCs) and smaller organizations are outsourcing their SOCs either directly to SOC as a Service (SOCaaS) providers or indirectly through Managed Security Service Providers (MSSPs), but most of these SOCs rely on Security Information and Event Management (SIEM) solutions.
Despite their chequered history, SIEM tools remain as relevant today as they have ever been because they perform the essential function of providing centralized collection and management of security information across all corporate IT systems.
Due to technological advances in the past decade, SIEM tools have undergone a significant improvement. By incorporating technologies such as Big Data frameworks, cloud computing, and machine learning (ML) and other forms of artificial intelligence (AI), SIEM tools have evolved into “intelligent” platforms that avoid many of the shortcoming of their predecessors.
These modern SIEM tools, further augmented by things like User & Entity Behavior Analytics (UEBA), Security Orchestration, Automation & Response (SOAR), and Network Detection & Response (NDR), address the issues that have tarnished the reputation of SIEM tools in the past.
The need for centralised security information has never been greater, and perhaps SIEM tools have never been more relevant because modern versions are no longer beset with problems like high levels of false positives, and high deployment and operational costs.
Modern SIEM tools are also easier to use, they provide risk scores and other useful metrics, they include automation capabilities, and they are easily integrated with other security devices to make forensic investigations easier for SOC analysts.
To meet the security requirements of modern businesses in the digital era, SIEM capabilities should be upgraded to ensure they are able to deal with modern cyber threats and feed the required information to SOC analysts, whether they are in-house or working remotely under the auspices of an MSSP or SOCaaS provider.
The latest generation of SIEM solutions continues to evolve as general-purpose security management and intelligence platforms, incorporating innovative intelligence and automation capabilities.
— Alexei Balaganski, Lead Analyst, KuppingerCole
Because we understand how important effective SIEM systems are to a comprehensive cybersecurity capability, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.
Research
Organizations looking for a SIEM solution or to upgrade an existing SIEM to power an internal or outsourced SOC face a tough task due the wide variety of security technologies on offer. However, for help in identifying your requirements and mapping those to specific vendors, have a look at the newly-published Leadership Compass on Intelligent SIEM Platforms.
As noted above, SOAR technologies have had an influence on modern SIEM solutions and typically work in tandem. To learn more about SOAR, which has emerged in parallel with modern SIEMs and is focused on creating more streamlined and automated workflows, have a look at the Leadership Compass on Security Orchestration Automation and Response.
Similarly, modern SIEM have been influence by and interact with NDR solutions. To learn more about the relationship between SIEM and NDR, have a look at the latest Leadership Compass on Network Detection & Response.
In modern security approaches, SIEM is increasingly integrated with Privileged Access Management (PAM) systems. To find out more about SIEM in the context of PAM, have a look at the Leadership Compass on Privileged Access Management.
In the digital era, consumer authentication is becoming increasingly important to counteract fraud, comply with regulations, and improve the customer experience. To find out more about SIEM in this context, have a look at the Leadership Compass on Consumer Authentication.
As mentioned above, SIEM tools play an important role in collecting security information for use by SOCs, whether these are in-house or outsourced. Where organizations choose to outsource their SOC, typically to an MSSP or directly to a SOCaaS provider, these services will typically either tap into existing SIEM systems, or will provide a SIEM capability as part of the service. To learn more about this topic, have a look at the Market Compass on SOC as a Service.
As already discussed, SIEM tools typically interact with a wide range of other security-related systems. To find out more about SIEM tools in the context of risk, have a look at the Market Compass on Integrated Risk Management Platforms; in the context of Governance, Risk & Compliance, have at the Market Compass on IT-GRC Tools; and in the context of EPDR, have a look at the Market Compass on Endpoint Protection, Detection, and Response.
For brief overviews on SIEM-related topics, have a look at the list of Leaderships Briefs below, and have a look at those that are the most relevant to you and your organization:
- Find Your Route from SIEM to SIP and SOAR
- Responding to Cyber Incidents
- Incident Response Management
- Security Fabric: A Methodology for Architecting a Secure Future
- The Information Protection Life Cycle and Framework: Monitor and Detect
Advisories
For a good overview of the relationship between SIEM tools and SOCs, as well as some of the other technologies already mentioned, have a look at this Advisory Note on Architecting your Security Operations Centre.
Blogs
For short, incisive perspectives on various topics that reference SIEM tools, choose the most relevant blog post by analysts from the following list:
- Google Cloud Advances Security Capabilities by Acquiring SOAR Vendor Siemplify
- Real-time Security Intelligence – more than just "next generation SIEM"
- Why Enterprises Are Choosing SOAR for SOCs
- Building a Future-proof Intelligent Security Operations Center
- Building a Future-proof Intelligent Security Operations Center, Part 2
- What is XDR?
Video/audio
If you would prefer to hear what our analysts have to say about SIEM-related topics, listen to this Analyst Chat about the plethora of acronyms for security analytics entitled: The Alphabet Soup of Security Analytics.
For a broader perspective on the factors driving trends in cybersecurity, listen to this Analyst Chat entitled: How the Cybersecurity Market Is Evolving.
And for a perspective on one of the latest security buzzwords and how this relates to SIEM, listen to this Analyst Chat on What (and why) is XDR?
Webinars
To learn more about the Zero Trust approach to security and the role played by SIEM, watch this webinar entitled: Zero Trust Means Zero Blind Spots.
Masterclass
If you are able to invest in learning about how SIEM features in the context of incident response, consider the KuppingerCole Masterclass on Incident Response Management.
Tech Investment
Organizations investing in SIEM technologies, can have a look at some of the related technology solutions that we have evaluated:
- ManageEngine Log360
- Elastic Security
- Exabeam Security Management Platform
- IBM Cloud Pak for Security
- IBM QRadar Security Intelligence Platform
- Securonix Cloud SIEM and UEBA
- Logsign SOAR
- LogRhythm Security Intelligence Platform
For tailored advice from trusted and neutral advisors on how to make the use of your SIEM solutions more efficient and effective, contact KuppingerCole Analysts’ Advisory Services.