Part of the SIEM problems enterprises face is failing to maintain it with the proper correlation rules.
SIEM use cases or rules are 80% of the value of the product. All SIEM solutions have a correlation feature, but they are not the same. Before choosing a SIEM, you must check correlation capabilities. Each product has many different features and their advantages and limits.
The right SIEM tool varies based on a business’ security posture, its budget and other factors. However, the top SIEM tools usually offer the following capabilities:
Scalability — Ensure the solution has the capability to accommodate the current and the projected growth.
Log compatibility — Ensure that the solution is compatible with your logs.
Correlation engine — Does the solution have th...
IBM Security, European Threat Management Sales Leader at IBM
May 11, 2021
Having the SIEM as a central feeder is a traditional solution architecture. The question can be asked, do I have the right security platform? As the interconnections to this traditional centralized solution will always need maintaining. In the case of a Security platform this effort is removed.
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
May 12, 2021
A good Security Platform includes SIEM, UEBA, NTA, and SOAR! on a single pane of glass, but I agree all security platforms require constant maintenance to remain viable as a part of the security posture!