Is SIEM dead? If yes, in favor most of what? XDR or something else? If no, will it be one day and why do you think so?

3.5k views, 4 comments
CIO in Education, 2 years ago

Despite assertions to the contrary, SIEM is not dead. SIEM is a different tool to EDR/XDR but it very much has a place in your infosec ecosystem. Some of the issues I've seen with SIEM adoption and use relate more to poor deployment / poor understanding of use cases and use case design / insufficient resourcing to help creating use cases / rulesets / dashboards / pricing models etc.

There's, by and large, almost always going to be a need for the ability to analyse and correlate logs to comprehensively investigate security incidents. SIEM fills other regulatory requirements too, and I prefer to see SIEM as an accompaniment to EDR/XDR capability rather than a tool that's replaced by EDR/XDR. 

CISO in Software, 2 years ago

It is far from dead. Yes, they are evolving and are more than just log collection, correlation and analytics, but let's be realistic. They are required for audits, compliance and forensics for historical purposes. They are not forecasted to disappear any time soon.

Information Security Officer in Government, 2 years ago

I would say no to that; most SIEMs do take a process to implement, especially those that require Linux VM instances. On the long-term horizon, automation through AI notifications straight to your security console just might replace all current SIEMs.

Senior Information Security Manager in Software, 2 years ago

No.

Most of the ones who say SIEM is dead are those who have failed SIEM deployments.

SIEM is a major enterprise initiative and requires a lot of planning. Where SIEM fails is often due to firms thinking they can deploy and use it with a few clicks.
