Leadership Brief

Find Your Route from SIEM to SIP and SOAR

Security Information and Event Management (SIEM) platforms have been a key part of many enterprises’ cybersecurity infrastructures for over a decade. However, facing the growing number and sophistication of cyber threats, even the largest security operations centers built around them fail to respond to attacks in time. Are SIEMs a thing of the past already? This Leadership Brief provides some insights and recommendations.

Alexei Balaganski

ab@kuppingercole.com

1 Executive Summary

For years, SIEM solutions have dominated the enterprise security market, and even nowadays they are still widely used to power security operations centers (SOCs) in large companies or managed security services for smaller ones. At the beginning of the Digital Transformation era, when perimeter-focused tools like firewalls were no longer able to protect corporate networks, the scope of cybersecurity was gradually shifting towards threat detection. Back then, SIEMs were hailed as the ultimate solution to all security challenges: after all, centralized collection and management of security-related data across all corporate IT systems is a key prerequisite for quick analysis and response to cyberthreats.

However, in just a few years, it became clear that SIEM solutions were failing in delivering on their promises, with companies deploying them facing multiple obstacles and challenges. High deployment and operational costs, lack of intelligence to react to modern cyberthreats and, last but not least, the growing skills gap to staff the security teams needed for efficient security operations were the most common problems of legacy SIEM tools.

However, the emergence of breakthrough technologies like Big Data and Machine Learning (ML) has continuously driven innovation in the cybersecurity market throughout the last decade. New intelligent automation capabilities, whether integrated directly into newer SIEM solutions or augmenting the existing ones with new functions, ensure that security monitoring, forensic analysis, and incident response remain a core component of any modern cybersecurity architecture.


Full article is available for registered users with free trial access or paid subscription.

Register and read on!

Sign up for the Professional or Specialist Subscription Packages to access the entire body of the KuppingerCole research library consisting of 700+ articles.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package