Is SIEM dead?: Technology vs Consultancy
19 March 2021 - 17:33, in Use Cases

It must be a sign of getting old, but when going anywhere as a family our radio station of choice is ‘Magic’. My daughter (now 5 and a half) has developed this fascination with asking ‘Is this singer dead now?’. I guess it’s logical, it’s music from the last 30, 40 years + so sometimes we answer yes but usually no! This made me think about whether or not music is defined as great because of the singer or because of the style, the composition…the building blocks are all in the right place. Great music doesn’t get old, it stands the test of time, it withstands fads and trends, a little like great Christmas songs, they just don’t age even if the original singers do!

Getting back on track with Security (sort of), it’s made me want to address a current trend in the ‘Cyber arena’ we’ve been seeing more and more of. At Titan we work with a number of key partners who are driving technology advancements and making great new products. There have been rumblings from a lot of these vendors that ‘SIEM is dead’. It’s seen as too expensive, too heavy a footprint, requires too much food and water, etc. Whilst I appreciate their point and I think it is true to some extent, I wanted to address my view on SIEM in 2021. SIEM IS NOT DEAD.

My view is that people are in danger of forgetting how to sensibly approach SIEM & as such it’s getting a bad rep!

Vendors are solving that issue with technology that isn’t SIEM (but really it is!), claiming to be lighter-weight, SaaS, quicker to implement, cloud based, with no need for long term storage (alerting realtime) and self tuning and learning to minimise effort on the customer side. ALL these claims are undoubtedly true & the decent vendors can evidence it, but they come with a price tag! It’s also undoubtable that SIEM implemented badly does succumb to all of the issues discussed above. It’s been a continuous battle over the last 5 years for Titan to prove that it doesn’t have to work like this…it doesn’t have to take 3 years & 3 million pounds to implement a SIEM solution that generates 3 million alerts every minute and needs a team of 300 to support it and 300 servers for it to run on (sorry for all the 3’s).

That’s where a Use Case driven strategy comes in! At Titan we’ve always believed in a consultative approach to SIEM projects. Always believed ‘it’s good to talk’. Always believed in the core values of SIEM:

  • Collect the important security data in one place
  • Meet compliance requirements
  • Single pane of glass
  • Make security data accessible to the right people at the right time
  • Improve detection and response times.

None of this has changed, it’s all still important & critical. But don’t tackle everything at once, implement only what you need for your business at that point in time. One size doesn’t fit all & evolving your security solutions is part of staying protected and ahead of the curve.

Finally, linking back to my opening gambit, SIEM is a bit like ‘classic’ music. Whilst vendors (singers) have come and gone, SIEM survives like a fine song or a genre of music, but new generations of listeners sometimes need to have it explained why the band, the singer, the album and the song were great. Once they have appreciated that, they understand!

The following story boards illustrate our approach to SIEM. Use Case workshops help break down the true requirements to ensure the most efficient deployment of a SIEM from day one.
