KuppingerCole Report
Leadership Brief
By Alexei Balaganski

Find Your Route from SIEM to SIP and SOAR

Security Information and Event Management (SIEM) platforms have been a key part of many enterprises’ cybersecurity infrastructures for over a decade. However, facing the growing number and sophistication of cyber threats, even the largest security operations centers built around them fail to respond to attacks in time. Are SIEMs a thing of the past already? This Leadership Brief provides some insights and recommendations.

1 Executive Summary

For years, SIEM solutions have dominated the enterprise security market, and even nowadays they are still widely used to power security operations centers (SOCs) in large companies or managed security services for smaller ones. At the beginning of the Digital Transformation era, when perimeter-focused tools like firewalls were no longer able to protect corporate networks, the scope of cybersecurity was gradually shifting towards threat detection. Back then, SIEMs were hailed as the ultimate solution to all security challenges: after all, centralized collection and management of security-related data across all corporate IT systems is a key prerequisite for quick analysis and response to cyberthreats.

Within just a few years, however, it became clear that SIEM solutions were failing to deliver on their promises, and companies deploying them faced multiple obstacles and challenges. The most common problems of legacy SIEM tools were high deployment and operational costs, a lack of intelligence to react to modern cyberthreats and, last but not least, the growing skills gap in staffing the security teams needed for efficient security operations.

However, the emergence of breakthrough technologies like Big Data and Machine Learning (ML) has continuously driven innovation in the cybersecurity market throughout the last decade. New intelligent automation capabilities, whether integrated directly into newer SIEM solutions or augmenting the existing ones with new functions, ensure that security monitoring, forensic analysis, and incident response remain a core component of any modern cybersecurity architecture.

2 Analysis

Traditional SIEM platforms, which have long been the core of security operations centers, have gone a long way to become really good at aggregating se ...

From that moment, the security analytics market has rapidly expanded, offering a wide range of real-time security intelligence products. Such tools pr ...

3 Recommendations

The market of security intelligence and automation solutions is still far from reaching the plateau of maturity and the products offered by various ve ...


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and in making better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.