SIEM is a well-established technology with a mature set of vendor products, but it has recently become a victim of scope creep. Over the years, new capabilities, edge requirements, and delivery models have resulted in a product that barely resembles Version 1. The complexity of today’s SIEM is legendary (well-documented, well-understood), a byproduct of this explosion in scope.
While the evolution of the SIEM has resulted in a product that is far more powerful today than at its conception, vendors have overstated, overhyped, and over-promised its capabilities. Many users have been burned. Here are the five claims you need to watch out for.