Security information and event management (SIEM) is still integral to digital security. However, newer entrants to the market claim SIEM as we know it is dead. It seems like every year, another vendor rings the death bells for SIEM.

Yet even groups adopting new tools, like extended detection and response (XDR), see SIEM as an important component of the new stack. SIEM is very much alive. So, why does this popular and effective service get a bad rap?

Let’s debunk some common SIEM myths.

SIEM Can Serve Businesses of Any Size

Myth: SIEM is only for large enterprises. Since most large employers use SIEM tools, SIEM is therefore only useful for large entities with advanced IT teams.

Fact: The best SIEM for you is the one that can adapt to your needs in a modular fashion. While not every business needs all of the bells and whistles, small and medium-sized businesses can perform the essentials to keep their business secure and compliant. Smaller groups without a more robust defense function can find value in out-of-the-box content and analytics to cover standard use cases, such as threat detection, compliance and monitoring.

In addition, businesses don’t stay small forever. You should select a vendor that can fulfill your needs over time as you scale. Larger groups need a platform to expand coverage for more advanced use cases — often augmenting network, user and domain name system analytics. Just because the bells and whistles exist doesn’t mean you need them to get value from your SIEM system. For most, out of the box will be enough.

SIEM Can Be Affordable

Myth: SIEM is too expensive. SIEM requires a large amount of data, and the cost will rise as you scale, becoming too expensive along the way.

Fact: Older SIEM pricing models can often make SIEM more expensive than it needs to be. While not all vendors price SIEM the same way, vendors that use storage-based pricing will become expensive very quickly. Likewise, vendors who use throughput (often measured in events per second) or per-user pricing have been common in the market.

However, in 2020, many vendors have adjusted SIEM pricing models to compensate for the steady increase in data being produced. Some vendors have shifted to non-capacity-based pricing models, often charging by the number of managed hosts, allowing users to more easily predict the cost.

Before you begin to think price, you should ask yourself what data you need for your use cases. The SIEM doesn’t need to crunch all of your data. Instead, you should focus on the data needed for use cases most important to you. For compliance and data retention, it is best to look for a data lake option. Many vendors offer this for low-cost log storage. By offloading commodity logs to a data lake, you can quickly make SIEM projects more feasible and cost-efficient.

Responding to New Threats

Myth: SIEM security tools can only detect known threats. SIEM only uses correlation rules, so it is only good for detecting what you already know.

Fact: While that statement may have been true in 2005, SIEM tools, like the threats they detect, have evolved. Now, SIEM uses multiple types of analytics for cross-layered coverage for different use cases. Correlation is most often used for detecting a known malicious behavior — for example, if a malicious IP or hash file shows up in your environment. These types of analytics often work best with threat intelligence, performing correlation against reputation and threat feeds.

In addition, SIEM can utilize anomaly detection, which is a statistical method used to tell if there are deviations from a baseline. This method is useful in spotting assets sending large volumes of data over the network or using different ports and protocols. Finally, SIEM can use machine learning to model other things, such as user behavior. User behavior analytics within the SIEM system create profiles of users to detect changes that could signal danger, like an insider threat. This mix provides a robust toolkit for detecting both known and unknown threats.

Fact: SIEM is here to stay. SIEM isn’t dead. It’s still a key resource and will continue to be in the future. While the market dynamics have changed, reports, such as the 2020 Gartner Magic Quadrant for SIEM, can help you identify the SIEM solution that best meets your needs.

To learn more about SIEM myths, check out the blog “Six Myths of SIEM.”

More from Intelligence & Analytics

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…

What Can We Learn From Recent Cyber History?

The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades. And, of course, there are the headline breaches and supply chain attacks to consider. Over recent years, what lessons can we learn from our recent history — and what projections…

When Logs Are Out, Enhanced Analytics Stay In

I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, and just recently made the jump to security software, hence my question. “Because SIEMs are hard to use. A SIEM purchase is just a checked…

4 Most Common Cyberattack Patterns from 2022

As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape. It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful. In this article, we’ll round up some of the most common cyberattack patterns we…