Goodbye event handling, hello extended detection and response


Deconstruct SIEM

Security and Information Event Management (SIEM) solutions have traditionally been at the center of the security operation. Ingesting firewall and endpoint logs from local and other sources, it serves as a unifying platform for security telemetry and a go-to place for security analysts to conduct investigations about incidents and alerts. However, as valuable as they are, security teams are increasingly reporting that SIEMs have become “expensive, complex, and resource-intensive” (ESG’s survey “The Impact of XDR in Modern SOC”).

If we break down the main use cases of SIEM, we could approach them from two main angles:

  1. Data aggregation and storage: collection, normalization and storage of all event logs, also used for auditing and compliance;
  2. Threat detection and responsebased on manual configuration of rules and alerts triggered by these rules or deviations from standard behavior.

But security practitioners are calling for a change: with siled security and organizational data, the overload of manual and time-consuming security scans, and prohibitive licensing models, security operations are only getting more difficult.


Comments are closed.