The Evolution of SIEM
Security information and event management (SIEM) grew out of the need for a unified view of security events across many different technologies; the name itself combines security information management (SIM), the collection, storage and reporting of log data, with security event management (SEM), the real-time monitoring and correlation of events. Whether an antivirus agent detects malware on an endpoint or a firewall blocks suspicious traffic on an unauthorized port, the SIEM gives the security operations team a central console from which to assess the organization's overall "security posture": a one-stop shop for finding and acting on security-relevant information.
Over the years, expectations of these systems have grown, and vendors began to claim that their SIEM platforms could correlate seemingly isolated events into a single incident and surface threats that no individual security product would see on its own.
SIEM, however, is hardly a panacea for all security problems. Complex deployments, rigid rule and parsing frameworks, slow query and response times, and sky-high licensing costs that scale with log volume came to be accepted as necessary evils. On top of that, the torrent of alerts, many of them false positives, kept analysts under constant pressure to "close issues" rather than investigate them. It was only natural for users to notice the elephant in the room: the reality of SIEM systems had fallen far short of the hype.