Summary
Since the beginning of cybersecurity, most companies have focused the majority of their spending on ensuring that they wall off their core infrastructure with the best technology to stop attackers from getting in. Every time a new threat or attack vector emerged, we added another network technology to protect the business from it. Eventually, we had too many consoles to monitor or correlate information between and the security information and event management (SIEM) market was born. Initially, SIEM promised to help us reduce all of the alert fatigue and help us find the root cause of every problem. Unfortunately, SIEM’s initial promise didn’t work out as advertised and became another extremely complex piece of technology that was even more difficult to manage than the network appliances it was meant to protect. SIEM did one thing well that made it worth paying for, though: It provided compliance reports.