Is SIEM dead? If yes, in favor of what? XDR or something else? If no, will it be one day, and why do you think so?
It is far from dead. Yes, they are evolving and are more than just log collection, correlation and analytics, but let's be realistic. They are required for audits, compliance and forensics for historical purposes. They are not forecasted to disappear any time soon.
I would say no to that; most SIEMs do take a process to implement, especially those that require Linux VM instances. On the long-term horizon, automation through AI notifications straight to your security console just might replace all current SIEMs.
No.
Most of the ones who say SIEM is dead are those who have failed SIEM deployments.
SIEM is a major enterprise initiative and requires a lot of planning. Where SIEM fails is often due to firms thinking they can deploy and use it with a few clicks.

Despite assertions to the contrary, SIEM is not dead. SIEM is a different tool from EDR/XDR, but it very much has a place in your infosec ecosystem. Some of the issues I've seen with SIEM adoption and use relate more to poor deployment / poor understanding of use cases and use case design / insufficient resourcing to help create use cases / rulesets / dashboards / pricing models etc.
There's, by and large, almost always going to be a need for the ability to analyse and correlate logs to comprehensively investigate security incidents. SIEM fills other regulatory requirements too, and I prefer to see SIEM as an accompaniment to EDR/XDR capability rather than a tool that's replaced by EDR/XDR.
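The comments above keep coming back to the same point: the value of a SIEM is in correlating events across sources, which no single EDR agent sees on its own. The following is an added illustration of that idea, not code from any commenter or from any SIEM product. It runs two constructed log feeds (an auth log and an EDR-style process log, both in an assumed key=value format invented here) through two hand-written rules: one that flags a burst of failed logins followed by a success for the same source and user, and a second that escalates that alert only when the same host and user then launches a process fetching a remote URL within a few minutes. Thresholds, window sizes and field names are all assumptions chosen for the sample data.

```python
"""SIEM-style correlation across two constructed log sources (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs for this example; the key=value format is an assumption.
AUTH_LOG = """\
2024-03-01T10:00:01Z auth host=web01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T10:00:03Z auth host=web01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T10:00:05Z auth host=web01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T10:00:09Z auth host=web01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T10:00:12Z auth host=web01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T10:00:20Z auth host=web01 user=alice src=203.0.113.7 result=SUCCESS
2024-03-01T10:05:00Z auth host=web02 user=bob src=198.51.100.4 result=SUCCESS
"""

EDR_LOG = """\
2024-03-01T10:00:45Z edr host=web01 user=alice proc=curl args=http://203.0.113.9/x.sh
2024-03-01T10:06:00Z edr host=web02 user=bob proc=ls args=-la
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) (?P<kv>.*)$")


def parse(text):
    """Turn lines of '<ts> <source> k=v k=v ...' into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ev = dict(kv.split("=", 1) for kv in m.group("kv").split())
        ev["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        ev["source"] = m.group("source")
        events.append(ev)
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=1)):
    """Rule 1: at least `threshold` FAILs for one (src, user) inside `window`,
    then a SUCCESS for the same pair. Returns one alert per such success."""
    alerts = []
    fails = defaultdict(list)  # (src, user) -> timestamps of recent failures
    auth = sorted((e for e in events if e["source"] == "auth"), key=lambda e: e["ts"])
    for ev in auth:
        key = (ev["src"], ev["user"])
        fails[key] = [t for t in fails[key] if ev["ts"] - t <= window]  # expire old
        if ev["result"] == "FAIL":
            fails[key].append(ev["ts"])
        elif ev["result"] == "SUCCESS" and len(fails[key]) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "host": ev["host"], "user": ev["user"], "src": ev["src"],
                "ts": ev["ts"], "failures": len(fails[key]),
            })
            fails[key].clear()
    return alerts


def correlate_with_edr(auth_alerts, events, window=timedelta(minutes=5)):
    """Rule 2: escalate an auth alert when the same host+user runs a process
    whose arguments contain a URL within `window` after the suspicious login."""
    escalated = []
    edr = [e for e in events if e["source"] == "edr"]
    for a in auth_alerts:
        for e in edr:
            same_session = e["host"] == a["host"] and e["user"] == a["user"]
            in_window = timedelta(0) <= e["ts"] - a["ts"] <= window
            if same_session and in_window and "://" in e.get("args", ""):
                escalated.append({**a, "rule": "login_then_remote_fetch",
                                  "proc": e["proc"], "args": e["args"]})
    return escalated


def run(auth_text=AUTH_LOG, edr_text=EDR_LOG):
    """Parse both feeds, apply rule 1, then correlate its output with rule 2."""
    events = parse(auth_text) + parse(edr_text)
    stage1 = brute_force_then_success(events)
    stage2 = correlate_with_edr(stage1, events)
    return stage1, stage2


if __name__ == "__main__":
    stage1, stage2 = run()
    for alert in stage1 + stage2:
        print(alert["rule"], alert["host"], alert["user"], alert["src"], alert.get("args", ""))
```

On the sample data, rule 1 fires once (alice on web01, five failures then a success) and rule 2 escalates it because the same account then ran curl against a remote host; bob's normal login and `ls` produce nothing. Neither feed on its own supports that conclusion, which is the cross-source correlation the thread says EDR/XDR does not replace. Real deployments replace the in-memory lists with the SIEM's own windowed search and tune the thresholds per environment.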