This week I was researching the current state of the SIEM market, and I was pleasantly surprised to see the progress that has been made in many SIEM products.
If you’d asked me about SIEM products a few years ago, I would have said they were irritable, accident-prone giants. They took up a lot of time and money as administrators struggled to customize their policies and clean up the messes made from too many false positives.
But this week I found out the giants have grown up and calmed down. Administrators say the interfaces and wizards are a lot easier to use, and automated threat responses have become more reliable, doing the job they were meant to do.
They’ve scaled down, too. SMBs are finally able to take advantage of SIEM functions with lower-priced products (albeit with lower capacity, too). Other SMBs are getting their SIEM benefits through managed services.
Of course, there’s still plenty of room for improvement. Jessica Ireland, an analyst at Info-Tech Research Group, says vendors are working to integrate SIEM with GRC and security infrastructure products. If they succeed, they will go a long way toward helping us react to threats ever faster and more precisely.
I hope SIEM vendors will proceed with caution and not let SIEM platforms get out of hand again by trying to do too much. I’d hate to see those cumbersome giants come back.