Security information and event management (SIEM) is still integral to digital security. However, newer entrants to the market claim SIEM as we know it is dead. It seems like every year, another vendor rings the death bells for SIEM.

Yet even groups adopting new tools, like extended detection and response (XDR), see SIEM as an important component of the new stack. SIEM is very much alive. So, why does this popular and effective service get a bad rap?

Let’s debunk some common SIEM myths.

SIEM Can Serve Businesses of Any Size

Myth: SIEM is only for large enterprises. Since most large employers use SIEM tools, SIEM is therefore only useful for large entities with advanced IT teams.

Fact: The best SIEM for you is the one that can adapt to your needs in a modular fashion. While not every business needs all of the bells and whistles, small and medium-sized businesses can perform the essentials to keep their business secure and compliant. Smaller groups without a more robust defense function can find value in out-of-the-box content and analytics to cover standard use cases, such as threat detection, compliance and monitoring.

In addition, businesses don’t stay small forever. You should select a vendor that can fulfill your needs over time as you scale. Larger groups need a platform to expand coverage for more advanced use cases — often augmenting network, user and domain name system analytics. Just because the bells and whistles exist doesn’t mean you need them to get value from your SIEM system. For most, out of the box will be enough.

SIEM Can Be Affordable

Myth: SIEM is too expensive. SIEM requires a large amount of data, and the cost will rise as you scale, becoming too expensive along the way.

Fact: Older SIEM pricing models can often make SIEM more expensive than it needs to be. While not all vendors price SIEM the same way, vendors that use storage-based pricing will become expensive very quickly. Likewise, vendors who use throughput (often measured in events per second) or per-user pricing have been common in the market.

However, in 2020, many vendors have adjusted SIEM pricing models to compensate for the steady increase in data being produced. Some vendors have shifted to non-capacity-based pricing models, often charging by the number of managed hosts, allowing users to more easily predict the cost.

Before you begin to think price, you should ask yourself what data you need for your use cases. The SIEM doesn’t need to crunch all of your data. Instead, you should focus on the data needed for use cases most important to you. For compliance and data retention, it is best to look for a data lake option. Many vendors offer this for low-cost log storage. By offloading commodity logs to a data lake, you can quickly make SIEM projects more feasible and cost-efficient.

Responding to New Threats

Myth: SIEM security tools can only detect known threats. SIEM only uses correlation rules, so it is only good for detecting what you already know.

Fact: While that statement may have been true in 2005, SIEM tools, like the threats they detect, have evolved. Now, SIEM uses multiple types of analytics for cross-layered coverage for different use cases. Correlation is most often used for detecting a known malicious behavior — for example, if a malicious IP or hash file shows up in your environment. These types of analytics often work best with threat intelligence, performing correlation against reputation and threat feeds.

In addition, SIEM can utilize anomaly detection, which is a statistical method used to tell if there are deviations from a baseline. This method is useful in spotting assets sending large volumes of data over the network or using different ports and protocols. Finally, SIEM can use machine learning to model other things, such as user behavior. User behavior analytics within the SIEM system create profiles of users to detect changes that could signal danger, like an insider threat. This mix provides a robust toolkit for detecting both known and unknown threats.

Fact: SIEM is here to stay. SIEM isn’t dead. It’s still a key resource and will continue to be in the future. While the market dynamics have changed, reports, such as the 2020 Gartner Magic Quadrant for SIEM, can help you identify the SIEM solution that best meets your needs.

To learn more about SIEM myths, check out the blog “Six Myths of SIEM.”

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today