Today’s security information and event management products and practices, as well as log aggregation and analysis technology, are still largely the same as they were in 2006. Oh, the players have changed — the big vendors now dominate the SIEM market — but there hasn’t been a revolution in the automation of security management technology or practices that even comes close to matching the revolutions we see in attack vectors almost every week.
It may sound like I’m dinging the SIEM technology vendors for a lack of recent innovation, but I’m not. The problem here really isn’t the vendors, but enterprise security managers. Vendors are only as good as the market demands, and so far, most security pros are still too busy fighting fires to really put much thought, time, or money into the management problem.