What else can I add to this well-written opinion, other than to agree with every word? SIEM at one point in time was (for some) a 'tick' for the compliance requirement for their organisation. People knew they needed it but hadn’t yet realised its full potential.
While some may not have seen a sustainable future for simple log collection and data classification, SIEM has evolved into so much more. The rapid pace of research and development at LogRhythm means continued releases of award-winning products and feature sets such as UEBA, Cloud AI, Network Monitor and AI Engine.
Managed security service providers and companies around the globe have understood the potential that SIEM can provide, particularly for the 24/7 managed SOC.
SIEM has become so advanced in technology, yet so fully customisable, that there really is no limit to what can be achieved: from forensic data collection, through discovering and qualifying threats, to neutralising and automatically remediating to thwart sophisticated attacks.
As organisations continue to fight the ever-changing threat landscape, they will eventually become more proactive as their skills mature. We are starting to see a gradual shift in this respect, specifically when talking about threat hunting.
I may be biased, having spent over five years of my life at one such SIEM vendor, but just like firewalls and AV have become commodity technologies by their very nature and importance, I believe that SIEM will eventually live in every network at every company, sooner or later.
When it comes to cyber defense, it’s time to stop being reactive and become more proactive.