Demystifying XDR: Where SIEM and XDR Collide

Innovations solve longstanding problems in creative, impactful ways — but they also raise new questions, especially when they're in the liminal space between being an emerging idea and a fully fledged, widely adopted reality. One of the still-unanswered questions about extended detection and response (XDR) is what its relationship is with security information and event management (SIEM), a more broadly understood and implemented product category that most security teams have already come to rely on.

When looking at the foundations of XDR, it seems like it could be a replacement for, or an alternative to, SIEM. But as Forrester analyst Allie Mellen noted in her recent conversation with Rapid7's Sam Adams, VP for Detection and Response, the picture isn't quite that simple.

"Some SIEM vendors are repositioning themselves as XDR," Allie said, "kind of trying to latch onto that new buzzword." She added, "The challenge with that is it's very hard to see what they're able to offer that's actually differentiating from SIEM."

Where SIEM stands today

To really understand how the rise of XDR is impacting SIEM and what relationship we should expect between the two product types, we first need to ask a key question: How are security operations center (SOC) teams actually using their SIEMs today?

At Forrester, Allie recently conducted a survey asking SOC teams this very question. While some have focused on the compliance use case as a main driver for SIEM adoption, Allie found that just wasn't the case with her survey respondents. Overwhelmingly, security analysts are us ..