SOAR and SIEM in 2023: Key Trends and New Changes


Security information and event management (SIEM) systems remain a key component of security operations centers (SOCs). Security orchestration, automation, and response (SOAR) frameworks, meanwhile, have emerged to fill the capability gaps left by many SIEM systems.


As many companies have begun reaching the limits of SIEM and SOAR systems over the last few years, however, they have started turning to other solutions such as extended detection and response (XDR). Does this shift spell the end of SIEM and SOAR? Or is the future one of component-based cooperation?


Here’s what SOAR and SIEM look like in 2023 and what’s on the horizon for enterprise security.


SIEM and SOAR: What’s Changed Since 2020?


In 2020, a Security Intelligence piece spoke to the increase in fast, flexible and customizable cloud-based SIEM solutions. The piece also highlighted the need for SOAR deployments to help companies automate key operations and respond to emerging threats.


Three years on, the market has evolved. While most SOCs still rely on SIEM tools, IT professionals are painfully aware of their limitations. Much like legacy technologies that may frustrate moves to the cloud, aging SIEM solutions can hamper effective incident response.


The reason is simple. While logging and event management are necessary to understand one’s current security posture, they’re not enough in isolation to address issues as they occur. Combining them with SOAR helps extend their usable life but doesn’t eliminate the main issue. At their core, these tools are reactive, not proactive, meaning their security benefits are finite.

