Why traditional SIEM is dead

By Ariel Assaraf
August 23, 2021

When SIEM was first introduced to the world of computing by Mark Nicolett and Amrit Williams of Gartner, it revolutionized the way businesses and IT professionals approached systems security. 

By merging information storage/analysis functionality with real-time monitoring and notification of security events, SIEM strategies offer robust protection from both vulnerabilities caused by internal system errors and outside malicious actors.

However, many businesses find that their SIEM dashboards are struggling to maintain system security with the efficiency they once did. The global technological ecosystem is a very different place in 2021 from what it was in 2005. 

With increasingly cloud-based infrastructures, internet and user traffic at unparalleled levels, and new service-oriented architectures, can a traditional SIEM approach effectively monitor and protect against modern security threats?


SIEM - A revolution in cybersecurity

Before SIEM, security information management and security event management had to be handled through different platforms and software. The siloing of SIM and SEM made designing and implementing robust system security incredibly challenging. Without system information and logs, auditing and tracking the circumstances leading to a security event required hours of manual input. Without event management, SIM logging offered little in the way of real-time protection.

SIEM dashboards allowed engineers to create intuitive alerting protocols and deploy use-appropriate configuration policies based on real-time and historical data. With SIEM, systems became more secure than ever, with a far smaller investment of both time and money.


Where traditional SIEM fails

It is relatively straightforward to secure a system hosted entirely in an on-premise data center, where external access to the company intranet is only possible through the access gateway on the customer website API.

As the monolithic systems of yesteryear scaled up, system security concerns could usually be addressed with a simple increase in capacity. Rarely did growth create multiple new attack surfaces with every deployment or implementation. The merging of SIM and SEM was enough of a step forward to keep up.

That picture of IT infrastructure in 2005 may be slightly exaggerated, but the point still stands. The systems cybersecurity professionals and engineers need to secure in 2021 are vastly more complex than the average monolithic systems in use when SIEM first emerged. Just as modernity rendered the SIM and SEM silos obsolete, advances in technology have made SIEM increasingly ineffective for a wide variety of reasons.


SIEM dashboards are only as good as the data they’re fed

At its most basic level, a SIEM dashboard is a tool that ingests system/machine data and transforms it into alerts and organized datasets that can be searched and queried. However, the data sources SIEM dashboards rely heavily on are outdated for modern cloud and network-reliant systems. 

SIEM dashboards don’t traditionally use captured packets for alerting and response. In an ecosystem where cyberattacks originate from exploited network vulnerabilities, overlooking this crucial forensic evidence leaves systems open to repeat occurrences.


SIEM requires Use Cases to keep systems secure

A Use Case is a set of technical rules and actions converted from a business threat. Often these are existing threats, with Use Cases built to prevent a recurrence. Many SIEM tools can build Use Cases for your existing systems based on common threats and risks. 

Without Use Cases, your SIEM dashboard can't create effective event alerts. Because a Use Case has to exist first, creating alerting rules proactively for events that have not yet occurred is a challenge. In a world where the threat landscape changes daily, this is a significant weakness.


SIEM dashboards accumulate superfluous data

PCAP (Packet Capture) methods used by traditional SIEM dashboards are ineffective in a world where machine analysis and automation are the norm. They lack sufficient functionality to flag irrelevant or bad data sources before ingestion, leading to reams of unneeded data.
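The pre-ingestion filtering the paragraph says traditional dashboards lack looks like this in practice. The following is an added example, not code from the article or from Coralogix: a filter stage that runs before anything is indexed, drops whole sources and severities that carry no security signal, keeps anything that matches a security marker regardless of its source, and reports per-source what it threw away. The source names, severities, messages and the filter policy are all constructed for illustration.

```python
"""Pre-ingestion source filtering for a log pipeline.

Added example (not code from the article or from Coralogix): a filter stage
that decides, before anything is indexed, which events from which sources are
worth keeping. Source names, severities, messages and rules are constructed.
"""
from collections import Counter

# Constructed sample events as (source, severity, message).
SAMPLE_EVENTS = [
    ("lb-healthcheck", "INFO", "GET /healthz 200 0.8ms"),
    ("lb-healthcheck", "INFO", "GET /healthz 200 0.9ms"),
    ("app-web", "DEBUG", "cache hit for session abc123"),
    ("app-web", "INFO", "POST /login 401 user=alice src=198.51.100.7"),
    ("app-web", "INFO", "POST /login 401 user=alice src=198.51.100.7"),
    ("auth-server", "WARN", "password failure for bob from 203.0.113.9"),
    ("ci-runner", "INFO", "pipeline step 42 finished"),
    ("auth-server", "INFO", "token issued for svc-backup"),
]

# Filter policy (assumed): whole sources and severities that carry no security
# signal are dropped; messages matching a security marker are kept regardless
# of where they came from, so a misclassified source cannot hide them.
DROP_SOURCES = {"lb-healthcheck", "ci-runner"}
DROP_SEVERITIES = {"DEBUG"}
SECURITY_MARKERS = ("/login", "password failure", "token issued")


def keep(event):
    """Return True if the event should be indexed, False if it is noise."""
    source, severity, message = event
    if any(marker in message for marker in SECURITY_MARKERS):
        return True
    if source in DROP_SOURCES or severity in DROP_SEVERITIES:
        return False
    return True


def filter_events(events):
    """Split events into the kept list and a per-source count of what was dropped.

    The dropped-count report is the operational check: review it to confirm
    that no security-relevant feed is being silently discarded by the policy.
    """
    kept = [e for e in events if keep(e)]
    dropped = Counter(e[0] for e in events if not keep(e))
    return kept, dropped


def reduction_ratio(events):
    """Fraction of incoming events removed before storage (0.0 for no input)."""
    if not events:
        return 0.0
    kept, _ = filter_events(events)
    return 1 - len(kept) / len(events)


if __name__ == "__main__":
    kept, dropped = filter_events(SAMPLE_EVENTS)
    for e in kept:
        print("KEEP", *e)
    print("dropped per source:", dict(dropped))
    print(f"reduction: {reduction_ratio(SAMPLE_EVENTS):.0%}")
```

On the constructed input half the events are discarded before storage, and the per-source drop report is what an engineer reviews when tuning the policy: a security feed showing up in that report is a sign the deny list is too broad.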


SIEM dashboards provide no context

Context is vital for effective event response. Knowing what happened teaches you very little if you don’t also know how and why.

Many SIEM dashboards are configured for hyper-efficient data collection but have a sub-standard capacity for log enrichment. Without enriched logging to give event logs context, it's impossible to make effective, informed strategy decisions or to implement policy well.

Lack of context is an issue for alerting as well, with every slight deviation from a catch-all ruleset being flagged as suspicious.
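To make the two points in this section concrete, here is an added example (not code from the article or from Coralogix) of what enrichment buys you. Raw login events are joined with an asset inventory and an identity directory before any rule runs; a context-free catch-all rule then flags every login to the production subnet, while a context-aware rule flags only deviations from that particular user's hours and permissions and says why. The inventory, directory, events and field names are constructed assumptions.

```python
"""Log enrichment for context: join raw events with asset and identity data
before alerting, then compare a catch-all rule with a context-aware one.

Added example, not code from the article or from Coralogix. The inventory,
directory, events and field names below are constructed assumptions.
"""
from datetime import datetime

# Constructed asset inventory and identity directory: the "context" sources.
ASSETS = {
    "10.0.1.5": {"host": "db-prod-01", "tier": "crown-jewel", "env": "prod"},
    "10.0.2.20": {"host": "dev-box-07", "tier": "low", "env": "dev"},
}
USERS = {
    "alice": {"role": "dba", "work_hours": (8, 18), "allowed_envs": {"prod"}},
    "bob": {"role": "developer", "work_hours": (9, 19), "allowed_envs": {"dev"}},
}

# Constructed raw authentication events as a SIEM would receive them.
RAW_EVENTS = [
    {"ts": "2021-08-20T10:15:00", "user": "alice", "dst": "10.0.1.5", "result": "success"},
    {"ts": "2021-08-20T03:40:00", "user": "alice", "dst": "10.0.1.5", "result": "success"},
    {"ts": "2021-08-20T11:05:00", "user": "bob", "dst": "10.0.2.20", "result": "success"},
    {"ts": "2021-08-20T11:07:00", "user": "bob", "dst": "10.0.1.5", "result": "success"},
]


def enrich(event):
    """Attach asset and identity context; unknown values are labelled, not dropped."""
    asset = ASSETS.get(event["dst"], {"host": "unknown", "tier": "unknown", "env": "unknown"})
    user = USERS.get(event["user"], {"role": "unknown", "work_hours": (0, 24), "allowed_envs": set()})
    hour = datetime.fromisoformat(event["ts"]).hour
    start, end = user["work_hours"]
    return {
        **event,
        "host": asset["host"],
        "tier": asset["tier"],
        "env": asset["env"],
        "role": user["role"],
        "off_hours": not (start <= hour < end),
        "env_allowed": asset["env"] in user["allowed_envs"],
    }


def catch_all_rule(event):
    """Context-free rule: any login to the production subnet is suspicious."""
    return event["dst"].startswith("10.0.1.")


def context_rule(enriched):
    """Context-aware rule: deviation from this user's own hours or permissions.

    Returns the list of reasons (empty when nothing is wrong), so the alert
    carries the 'how' and 'why' along with the 'what'.
    """
    reasons = []
    if enriched["off_hours"]:
        reasons.append(f"{enriched['user']} ({enriched['role']}) logged in outside their work hours")
    if not enriched["env_allowed"]:
        reasons.append(f"{enriched['role']} account reached {enriched['env']} asset {enriched['host']}")
    return reasons


def run_catch_all(events):
    """Alerts produced by the catch-all rule on raw, unenriched events."""
    return [e for e in events if catch_all_rule(e)]


def run_with_context(events):
    """Alerts produced after enrichment, each carrying asset tier and reasons."""
    alerts = []
    for e in events:
        en = enrich(e)
        reasons = context_rule(en)
        if reasons:
            alerts.append({"user": en["user"], "host": en["host"], "tier": en["tier"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    print("catch-all alerts:", len(run_catch_all(RAW_EVENTS)))
    for a in run_with_context(RAW_EVENTS):
        print(f"[{a['tier']}] {a['user']} -> {a['host']}: " + "; ".join(a["reasons"]))
```

On the constructed events the catch-all rule raises three alerts, one of them the DBA's routine daytime login to the database she administers; the enriched rule raises two, each naming the asset tier and the specific deviation, which is what a responder needs to decide priority and next action.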


SIEM is high maintenance

SIEM predates the widespread market penetration of AI, machine learning, and automation. As such, SIEM dashboards and functionality require significant security expertise and manual input from analysts and engineers.

From building Use Cases to manually updating configurations and rulesets every time a new system component is added, SIEM dashboards require much more maintenance and manual input than modern security solutions.


Observability platforms meet SIEM's shortcomings

In short, SIEM's 'data in, events out' approach is too simplistic and requires too much human input to create a fully secure system in today's technical climate.

What’s needed is a solution that provides information and events management functionality in the contemporary threat landscape. For many engineers, observability platforms fill this need.


Observability platforms access a wide range of sources

Observability platforms provide more comprehensive system visibility for cloud-based and service-oriented architectures. They can harvest data from a wider variety of sources than a traditional SIEM dashboard and aggregate that data in a single cross-service platform. 

Ultimately, modern system security requires a greater emphasis on network security than traditional SIEM dashboards provide. A SIEM-inclusive observability platform enables the network-centric focus modern security solutions need.


Observability platforms are more intuitive than SIEM

Maintaining and configuring SIEM platforms requires significant system security expertise. In a recent survey, 44% of organizations stated they lacked the necessary staff expertise to operate their SIEM effectively. SIEM dashboards require financial investment not only in the dashboards themselves but in the staff to manage them. 

Observability platforms are much more intuitive. While they don’t simplify tasks to the point that non-IT staff could perform them, they make basic security activities such as deploying agents or parsing logs accessible to more engineers and administrators. 


Observability platforms have greater AI, automation and ML support

Traditional SIEM relies primarily on static alert thresholds. These require manual data and log analysis, followed by further manual Use Case creation. They also produce many false positives and can’t change and adapt with the broader network unless manually reconfigured.

Observability platforms, on the other hand, can automate everything from threat detection to multi-source log aggregation. What’s more, thanks to AI and ML capabilities, modern observability platforms don’t require Use Cases to create and implement new, proactive alerting policies. 
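The Use Case described earlier (a business threat turned into a rule and an action) and the static threshold criticised in this section are the same thing seen from two sides. The following added example, not code from the article or from Coralogix, writes the Use Case "password guessing against the customer portal" as a static per-window failure threshold, then runs the same constructed log lines through a rule that compares each source against its own observed history. That baseline rule is a simple statistical stand-in for the AI/ML-driven detection the article refers to, not an implementation of any vendor's model; the log lines, addresses, history values and parameters are all constructed.

```python
"""A SIEM 'Use Case' as a static threshold, beside a per-source baseline rule.

Added example, not code from the article or from Coralogix. Log lines,
addresses, history and tuning values are constructed. The baseline rule is a
plain mean-plus-z-sigma comparison standing in for the ML-driven detection the
article mentions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed auth log lines: "<epoch> <src_ip> <outcome>", all in one window.
LOG_LINES = """\
1020 198.51.100.7 FAIL
1021 198.51.100.7 FAIL
1022 198.51.100.7 FAIL
1023 198.51.100.7 FAIL
1024 198.51.100.7 FAIL
1025 198.51.100.7 OK
1030 203.0.113.9 FAIL
1031 203.0.113.9 FAIL
1032 203.0.113.9 FAIL
1033 203.0.113.9 FAIL
1034 203.0.113.9 FAIL
1035 203.0.113.9 FAIL
1040 192.0.2.10 FAIL
1041 192.0.2.10 FAIL
1042 192.0.2.10 FAIL
1043 192.0.2.10 FAIL
1050 192.0.2.44 FAIL
1051 192.0.2.44 FAIL
1052 192.0.2.44 FAIL
1053 192.0.2.44 FAIL
1054 192.0.2.44 FAIL
1055 192.0.2.44 FAIL
1056 192.0.2.44 FAIL
1057 192.0.2.44 FAIL
1058 192.0.2.44 FAIL
1059 192.0.2.44 FAIL
1060 192.0.2.44 FAIL
1061 192.0.2.44 FAIL
""".splitlines()

# The Use Case as an analyst would write it (constructed values).
STATIC_THRESHOLD = 5  # failed logins per window from one source
WINDOW = 60           # seconds
# Baseline parameters (constructed). SIGMA_FLOOR stops a zero-variance history
# from flagging every single change.
Z = 3.0
SIGMA_FLOOR = 1.0

# Constructed per-source failure counts from earlier windows, i.e. what the
# platform would have learned about each source before this window.
HISTORY = {
    "198.51.100.7": [4, 6, 5, 5, 7, 5],  # office NAT: always a few failures
    "203.0.113.9": [0, 0, 1, 0, 0, 0],   # normally quiet customer address
    "192.0.2.10": [0, 0, 0, 0, 0, 0],    # has never failed before
    # 192.0.2.44 has no history at all
}


def failures_per_window(lines, window=WINDOW):
    """Count FAIL outcomes per (window_start, source)."""
    counts = defaultdict(int)
    for line in lines:
        ts, src, outcome = line.split()
        if outcome == "FAIL":
            counts[(int(ts) // window * window, src)] += 1
    return counts


def static_use_case(counts, threshold=STATIC_THRESHOLD):
    """Sources whose failures in any window reach the fixed threshold."""
    return sorted({src for (_, src), n in counts.items() if n >= threshold})


def baseline_use_case(counts, history=HISTORY, z=Z):
    """Sources whose failures are far above their own history.

    A source with no history falls back to the static rule, which is the only
    sensible default until a baseline exists.
    """
    flagged = set()
    for (_, src), n in counts.items():
        past = history.get(src)
        if not past:
            if n >= STATIC_THRESHOLD:
                flagged.add(src)
            continue
        mu, sigma = mean(past), max(pstdev(past), SIGMA_FLOOR)
        if n >= mu + z * sigma:
            flagged.add(src)
    return sorted(flagged)


if __name__ == "__main__":
    counts = failures_per_window(LOG_LINES)
    print("static Use Case flags:  ", static_use_case(counts))
    print("baseline rule flags:    ", baseline_use_case(counts))
```

On the constructed data the static Use Case flags the office NAT every window (a standing false positive that only a manual threshold change removes) and misses the source that went from zero to four failures, while the baseline rule clears the NAT, catches the low-volume newcomer, and falls back to the static threshold for the address it has never seen.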


Observability platforms provide context for security events

Context is the key advantage observability platforms have over traditional SIEM. Observability platforms will include the same data types harvested by SIEM as part of an automated, system-wide monitoring platform. 

This provides the context to know why an event happened, how it happened, the impact it’s had on your systems and wider business, and what the best course of action is to prevent it from happening again.


Observability platforms are low-maintenance solutions

SIEM solutions are notoriously expensive. Hardware SIEM costs can start at a low end of $25,000. That’s before costs are factored in for the aforementioned SIEM expertise.

Because many observability platforms are offered on a PaaS model, they come with significantly lower financial costs. Providers also deploy regular updates, bug fixes, and added functionality. Because the service is hosted externally, maintenance costs are eliminated as well.


Observability platforms are making traditional SIEM obsolete

Visibility and context are two of the most significant shortcomings of traditional SIEM. Modern observability platforms provide visibility, context, and AI-backed analytics and insight, to provide a comprehensive system security solution at a fraction of the labor/financial cost of SIEM. 

By opting for an observability platform that includes SIEM, instead of a SIEM dashboard alone, business owners and systems engineers can manage system security from an intuitive platform that allows proactive strategy and implementation of new configurations and policies.

Ariel Assaraf is CEO at Coralogix. A veteran of the Israeli intelligence elite, he founded Coralogix to change how people analyze their operation, application, infrastructure, and security data — one log at a time. 
