Why the traditional SOC and SIEM are failing ?


The primary factor that leads to failed SOC projects is the heavy reliance on the SIEM platform.

Vendors are selling the SIEM as the foundation of an effective SOC where in actual fact the SIEM is just a tool. In most cases, SIEMs are often built around SOC methodology of the 2000s and that methodology today equates to broken use cases, alert fatigue, and burnt out analysts. Add to this recipe a lack of skill around incident response and the inevitable outcome is a flop.