Is SIEM dead? If yes, in favor most of what? XDR or something else? If no, will it be one day and why do you think so?


Senior Information Security Manager in Software, 501 - 1,000 employees

Most of the ones who say SIEM is dead are those who have failed SIEM deployments.

SIEM is a major enterprise initiative and requires a lot of planning. Where SIEM fails is often due to firms thinking they can deploy and use it with a few clicks.

Information Security Officer in Government, 1,001 - 5,000 employees

I would say no to that; most SIEMs do take a process to implement, especially those that require Linux VM instances. On the long-term horizon, automation through AI notifications straight to your security console just might replace all current SIEMs.

CISO in Software, 10,001+ employees

It is far from dead. Yes, they are evolving and are more than just log collection, correlation and analytics, but let's be realistic. They are required for audits, compliance and forensics for historical purposes. They are not forecasted to disappear any time soon.

CIO in Education, 51 - 200 employees

Despite assertions to the contrary, SIEM is not dead. SIEM is a different tool to EDR/XDR but it very much has a place in your infosec ecosystem. Some of the issues I've seen with SIEM adoption and use relate more to poor deployment / poor understanding of use cases and use case design / insufficient resourcing to help create use cases / rulesets / dashboards / pricing models etc.

There's, by and large, almost always going to be a need for the ability to analyse and correlate logs to comprehensively investigate security incidents. SIEM fills other regulatory requirements too, and I prefer to see SIEM as an accompaniment to EDR/XDR capability rather than a tool that's replaced by EDR/XDR. 
