SIEM Should Focus On Active Threat Detection Over Operational Tasks

SIEM tools have become more challenging to set up, manage, and use on a day-to-day basis. Busy security teams find themselves overwhelmed by the SIEM solution itself, which takes their focus away from the actual threats they need to identify and stop. The solution is to offload key threat detection capabilities from the in-house team to a SIEM solution or service provider. This frees up the in-house security team to focus on strategic initiatives and, importantly, results in more secure systems.

Operational Duties Eclipse Security

A SIEM solution should excel at helping teams identify threats and mitigate them. In recent years, the focus has shifted to mitigation, while actually identifying threats has been neglected. SIEM has become all about operations and compliance, and less about security. Security teams have reflected this trend. They spend the bulk of their time collecting logs, parsing them, storing them for three months or more, dealing with alerts when they come up, and bringing down the mean time to recovery/response.