The Average SIEM Deployment Costs $18M Annually… Clearly, It's Time for a Change!
A decade ago, log management was commonly used to capture and retain events for compliance and security use cases. As adversaries and their TTPs grew more sophisticated, simple logging evolved into security information and event management (SIEM), and the power of rule-driven correlation made it possible to turn raw event data into potentially valuable intelligence. Although it was challenging to implement and get everything working properly, the ability to find the so-called “needle in the haystack” and identify attacks in progress was a huge step forward.
Today, SIEMs still exist, and the market is largely led by Splunk and IBM QRadar. Many customers have finally moved into cloud-native deployments and are leveraging machine learning and sophisticated behavioral analytics. However, new enterprise deployments are fewer, costs are greater, and — most important — the overall needs of the CISO and the hard-working team in the SOC have changed. These needs have changed because security teams have almost universally recognized that they are losing against the bad guys. The reduced reliance on the SIEM is well underway, along with many other changes. The SIEM is not going away, but its role is changing rapidly, and it has a new partner in the SOC.