All solutions evolve over time as new technologies are introduced and market shifts occur — and security information and event management (SIEM) is no exception. The most recent changes in SIEM technology are driven by increased cloud adoption, the limited availability of IT talent and mounting regulatory pressure, as well as the growing variety and sophistication of cyberthreats.

What do these changes mean for the future of SIEM technology? Let’s take a step back and consider five significant shifts we expect to see over the next few years.

1. SIEM Will Shift From On-Premises to the Cloud

SIEM will be as relevant to software-as-a-service (SaaS) and cloud systems as it is to on-premises environments. SIEM’s original purpose was to help organizations correlate multiple security telemetry sources to generate a prioritized risk and threat view and provide a single pane of glass for investigations.

The same will be true in the future, except those on-premises sources will eventually be replaced by multiple cloud and SaaS sources.

2. SIEM Technology Will Become the Foundation of Security Analytics

Machine learning and behavioral analytics will become increasingly important, but they won’t replace rules. A security operations center (SOC) must detect both known and unknown threats.

Using rules and signatures is the fastest and most accurate way to detect known threats, but this strategy is not always effective for identifying unknown threats. It also requires many core data pre-processing steps, such as management, interpretation, curation and enrichment. As a result, SIEM technology will become the foundational layer of all security-analytics solutions.

3. AI Will Relieve Overworked Analysts

Artificial intelligence (AI)-powered analytics that investigate and determine the root cause of existing anomalies — as opposed to solutions that generate new alerts and anomalies — will emerge in the marketplace and become essential tools for both full-scale and ad-hoc investigations. AI analytics will not replace existing rules or machine learning anomaly detection algorithms — since these are essential to help analysts detect potential threat signals.

But these signals must be investigated, and many SOCs lack the workforce to do so. AI tools can conduct automated investigations, drive intelligence orchestration and remediation, and act as a force multiplier to make the security team more productive.

4. Cloud Will Make Security Analytics More Consumable

The majority of SIEM — and, therefore, security analytics — will be consumed from the cloud. It will become increasingly challenging for organizations to juggle the breadth of required data sources, operationalize uses cases and analytics and manage the big data infrastructure of a SIEM on-premises. Cloud services deliver much of these resources on demand and in a fully automated manner — dramatically increasing the consumability and utility of SIEM and security analytics tools within the enterprise.

5. AI Assistants Will Augment Human Analysts

AI assistants will be introduced into the market to help analysts set up, configure and continuously maintain use cases within the SIEM. As organizations and their IT infrastructures evolve, so must their security capabilities. Most companies will still struggle to keep abreast of these changes and close gaps that emerge as a result, but AI assistants will be able to perform assessments and automate much of this workload.

We are already seeing signs of this evolution today with AI-powered security analytics solutions, improved outcomes with the adoption of SIEM-as-a-service and newer analytics, such as user behavior analytics (UBA), domain name system (DNS) and cloud analytics, revolutionizing the way SOCs work. It’s an exciting time to be adopting a security analytics strategy — and both the security and cybercrime landscapes are sure to change drastically in the near future in response to these innovations in SIEM technology.

View the interactive infographic: Transforming Noise to Knowledge

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today