New SIEM Challenges

A quick look at the future of SIEM and the changes that need to be made to catch up to SOAR

Rick Watts, Relationship Manager

New SIEM Challenges

Thursday, March 26, 2020

We all know that a security information and event management (SIEM) system is a great way to collect log and event information from disparate networks—did you know that it’s also useful for initial analysis and categorizing alerts?

So why is it that SIEM is often compared to the newer, increasingly popular security orchestration, automation, and response (SOAR) tools. SOAR has some useful features traditional SIEM products do not; the biggest differentiator is also the greatest opportunity—ORCHESTRATION.

Let’s look at the future of SIEM and the changes that need to be made to catch up to SOAR:

  1. SIEM products need to become more intelligent about providing alerts when action is required. The biggest complaint about a SIEM installed in a large IT infrastructure is that the security team becomes inundated with potential threats they should track down but can’t due to lack of manpower. By comparison, newer ORCHESTRATION platforms offer more advanced analysis and correlation engines that lessen the number of false positives.

  2. SIEM can’t provide alerts about a potential security problem and be done. Rather, it needs to take SOAR’s example and provide actionable steps a security administrator should take to quickly investigate and remediate the threat.

  3. SIEM should provide two-way communication between the devices sourcing log and event data. Having a way to communicate back to the source device provides opportunities to use automation to find a solution to a security issue, as well as remediate it without human intervention.

The logical conclusion is that SIEM and SOAR will soon evolve into a single tool for security departments to manage, and LogZilla’s Network Event Orchestrator platform (LZ NEO) is well poised to be on the front end of that solution for enterprise teams worldwide.

Watch LZ NEO in real time now

Rick Watts

Rick Watts

Relationship Manager
Jacksonville Beach, FL,

About Rick

Rick Watts brings his 20 years of selling to grow the entire southeast and southwest regions for LogZilla's sales team. Rooted deeply in developing strong relationships with customers as reflected in his two decades leading insurance sales, Watts seeks to educate customers on solutions around todays most pressing financial and risk-based network challenges. Watts resides in Florida
Tags: LZ NEO , LogZilla Network Event Orchestrator platform , orchestration , automation , SOAR , SIEM , Preduplication , NEO , Data , security administrator , event management