Is SIEM dead? If yes, in favor most of what? XDR or something else? If no, will it be one day and why do you think so?

Security & GRC
3.5k viewscircle icon4 Comments
Sort by:
CIO in Education2 years ago

Despite assertions to the contrary, SIEM is not dead. SIEM is a different tool to EDR/XDR but it very much has a place in your infosec ecosystem. Some of the issues I've seen with SIEM adoption and use relate more to poor deployment / poor understanding of use cases and use case design / insufficient resourcing to help creating use cases / rulesets / dashboards / pricing models etc.

There's, by and large, almost always going to be a need for the ability to analyse and correlate logs to comprehensively investigate security incidents. SIEM fills other regulatory requirements too, and I prefer to see SIEM as an accompaniment to EDR/XDR capability rather than a tool that's replaced by EDR/XDR. 

CISO in Software2 years ago

It is far from dead.  Yes, they are evolving and are more than just log collection, correlation and analytics, but lets be realistic.  They are required for audits, compliance and forensics for historical purposes.  They are not forecasted to disappear any time soon.

Lightbulb on1
Information Security Officer in Government2 years ago

I would say no to that, most SIEM's do take a process to implement especially those that require linux VM instances. On the long term horizon automation through AI notifications straight to your security console just might replace all current SIEM's.

Senior Information Security Manager in Software2 years ago

No.

Most of the ones who say SIEM is dead are those who have failed SIEM deployments.

SIEM is a major enterprise initiative and requires a lot of planning. Where SIEM fails is often due to firms thinking they can deploy and use it with a few clicks.

 

Lightbulb on1

Content you might like

It's been announced that Windows 11 will be serviced on a monthly basis, similar to Windows 10's infamous "Patch Tuesdays". What's the ideal service cadence for this OS?

Updates should be released daily.10%

Updates should be released weekly58%

Updates should stay monthly.22%

Updates should be pushed quarterly.8%

Other (comment below)

View Results

What was the impact of the last successful phishing attack on your organization?

Loss of Data10%

Ransomware Infection38%

Credential/account compromise20%

Financial loss/wire transfer fraud2%

Other (comment below)29%

View Results

Do you have a lock out policy for system accounts? If so, how many attempts do you have it set too? 

Have you considered not having a lock out policy where accounts are vaulted / rotated & standing access is removed?

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

We’re preparing for an IPO on the NYSE as a Foreign Private Issuer and evaluating CIS Benchmarks to measure OS and database hardening.

Our proposed tiers:
• Tier 1 (70–80%) baseline
• Tier 2 (85–90%) for sensitive data
• Tier 3 (95–100%) for mission-critical systems

Is 80% compliance defensible for IPO due diligence with SEC or SFC? Should Tier 3 be considered mandatory for critical systems? And can compensating controls (e.g., PAM, microsegmentation) offset gaps in legacy environments?