SIEMs have become a victim of scope creep. Over the years, new capabilities, edge requirements, and delivery models have resulted in a product that barely resembles the original. The complexity of today’s SIEM is well documented and well understood, a byproduct of this explosion in scope.
While the evolution of the SIEM has resulted in a product that is far more powerful today than at its inception, vendors have overstated, overpromised, and overhyped its capabilities. Many users have been burned. Here are five false claims you need to watch out for.