If you’re in need of new SIEM tooling, it can be more complicated than ever to separate what’s real and what’s spin.
Yes, Logz.io is a SIEM vendor. But we have people in our organization with years of cybersecurity experience, and they wanted to share thoughts on how best to address the current market.
Our own Matt Hines and Eric Thomas recently hosted a webinar running through what to look out for titled: Keep it SIEM-ple: Debunking Vendor Nonsense. Watch the replay below.
The Realities of the Security Landscape
Gartner recently released a security-focused report titled “Tips for Selecting the Right Tools for Your Security Operations Center.” Within the report (which you can download a complimentary copy of here), Gartner makes the following statement that stood out to us:
Organizations need to consider how new tools contribute to the security team’s mission and enhance, rather than complicate, the work given the burdens already placed on these typically short-staffed teams (including analysts, engineers, threat hunters and incident responders)…
We’re all used to seeing headlines about the cybersecurity talent shortage out there—from media organizations all the way to the federal government. We talk to customers and partners every day and can confirm this comes up in nearly every conversation.
While a select few enterprises have a huge Security Operations Center (SOC) staff, most—even highly-recognizable brands—have just a few SOC staffers.
“This is something we—as security providers—need to meet head-on and address,” Eric says.
The talent shortage, along with other factors discussed in the webinar, means you should expect more from a SIEM vendor. Those factors include:
- Threats continuing to proliferate
- An overload of available resources and data
- Budgets under increased scrutiny
As vendors hold the cards on the security tools, organizations need to learn how to cut through the noise. They have pervasive challenges to address, including but not limited to: making the most of available budget and headcount, reducing complexity, automating where possible without limiting flexibility, and cutting through data to reduce mean time to detection.
What’s Vendor Spin and What’s Reality?
Vendors are as aware of what’s happening in the market as anyone, and they’ve got an arsenal of buzzwords and phrases to try to get people interested in their offerings. They’ll say things like “deploy rapidly with almost no customization” and “full real-time visibility without compromise” to try to get a foot in the door.
“These things are aspirational in a sense, but at the end of the day, they aren’t true,” Matt says.
There’s a common refrain among security executives that we talk to and observe: they just want to know what a product does. If a vendor is afraid to tell you what they actually do, then that’s a sign their product is weak.
“Every vendor is making crazy claims and there’s no clarity about the specific differences between different tools in the same category, whether it’s SIEM, or SOAR, or NDR, or XDR,” Eric says. “You can say whatever you want but it doesn’t end up educating a customer.”