Ashes to ashes, we all fall down: The death of SIEM and rise of SOAR
Security Information and Event Management, or SIEM, once upon a time known as SEM (security event management), SIM (security information management), SIM/SEM or whichever acronym you prefer, is a category of software that rose to prominence in the late 90s and early 2000s with Intellitactics (1996), NetForensics (1999), ArcSight (2000), Q1 Labs (2001), LogRhythm (2003) and Splunk (2003). SIEM products offered hope to security analysts who wanted to aggregate and correlate the logs and other event data from all of the different servers and devices on their network in a single place.

The efficacy of such a product was wholly predicated on the power of its correlation engine: its ability to see related indicators of compromise (IoCs) generated across different devices and systems in the network, so that it could discard false positives and validate true positives. This is the concept that A + B + C adds up to something bad happening.

SIEM products became syslog-ng on steroids. syslog-ng, an open source log server first released in 1998, was built as a distributed agent-server system for centralizing the logs of every system in an enterprise environment that spoke the syslog format. Syslog itself was developed in the 1980s by Eric Allman as part of the Sendmail project. It was readily adopted by other applications and has since become the standard logging solution on…
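To make the A + B + C idea concrete, here is a toy correlation engine of the kind described above, run over syslog lines from a firewall and two servers. This is an added example and not code from the article or from any SIEM product; the syslog lines, host names, IP addresses and the three-stage rule (port scan on the firewall, SSH brute force on a server, then a successful SSH login from the same source) are constructed for illustration. Note how a single source of evidence, such as a scanner that never follows through or a legitimate login with no preceding noise, does not fire, while the same three stages seen across two devices for one source address within the time window does.

```python
"""Toy multi-source (A + B + C) correlation over syslog, as a SIEM would do it.

Added example, not code from the original article or any SIEM product.
Log lines, host names, IP addresses and the rule itself are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# RFC 3164-style syslog: "<PRI>Mon dd hh:mm:ss host tag: message".
# The format carries no year, so one is assumed when building timestamps.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)
ASSUMED_YEAR = 2023

# Rule stages in order: (name, device class expected to report it, pattern).
# Each pattern has a named group "src" that extracts the attacker's address,
# which is the key the stages are correlated on.
STAGES = [
    ("fw_scan", "firewall", re.compile(r"DROP .* SRC=(?P<src>[\d.]+) .* DPT=22\b")),
    ("ssh_bruteforce", "server", re.compile(r"Failed password for .* from (?P<src>[\d.]+)")),
    ("ssh_success", "server", re.compile(r"Accepted password for .* from (?P<src>[\d.]+)")),
]
# Hypothetical asset inventory mapping reporting host to device class.
DEVICE_CLASS = {"fw01": "firewall", "web01": "server", "web02": "server"}
WINDOW = timedelta(minutes=10)  # all stages must complete within this span


def parse_syslog(line):
    """Parse one BSD syslog line into a dict, or return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    pri = int(m["pri"])
    return {"ts": ts, "host": m["host"], "tag": m["tag"], "msg": m["msg"],
            "facility": pri // 8, "severity": pri % 8}


def match_chain(events, order, window):
    """Given time-sorted (ts, stage, host) events for one source, return the
    first subsequence that hits every stage in `order`, in order, within
    `window` of the chain's first event; None if no such chain exists."""
    for start, first in enumerate(events):
        if first[1] != order[0]:
            continue
        chain, idx = [first], 1
        for ev in events[start + 1:]:
            if idx == len(order):
                break
            if ev[1] == order[idx] and ev[0] - chain[0][0] <= window:
                chain.append(ev)
                idx += 1
        if idx == len(order):
            return chain
    return None


def correlate(lines, stages=STAGES, window=WINDOW):
    """Return one alert per source address whose events complete every stage,
    reported by the expected device class, in order, within the window."""
    seen = defaultdict(list)  # src ip -> [(ts, stage name, reporting host)]
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            continue  # unparseable line: dropped, as a SIEM collector would log it
        for name, dev_class, pat in stages:
            m = pat.search(ev["msg"])
            if m and DEVICE_CLASS.get(ev["host"]) == dev_class:
                seen[m["src"]].append((ev["ts"], name, ev["host"]))
    alerts = []
    for src, events in seen.items():
        chain = match_chain(sorted(events), [s[0] for s in stages], window)
        if chain:
            alerts.append({"src": src,
                           "hosts": sorted({h for _, _, h in chain}),
                           "first": chain[0][0], "last": chain[-1][0]})
    return alerts


# Constructed sample input: one real intrusion chain plus three kinds of noise.
SAMPLE_LOGS = [
    "<4>Mar 14 09:01:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=22",
    "<4>Mar 14 09:01:03 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.11 PROTO=TCP DPT=22",
    "<38>Mar 14 09:02:10 web01 sshd[4711]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "<38>Mar 14 09:02:12 web01 sshd[4711]: Failed password for root from 203.0.113.7 port 51235 ssh2",
    "<38>Mar 14 09:03:40 web01 sshd[4720]: Accepted password for deploy from 203.0.113.7 port 51300 ssh2",
    # Scanner that never follows through: stage A alone is not an incident.
    "<4>Mar 14 09:05:00 fw01 kernel: DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP DPT=22",
    # Legitimate login with no preceding scan or brute force: stage C alone.
    "<38>Mar 14 09:06:00 web02 sshd[5001]: Accepted password for alice from 10.0.0.5 port 40000 ssh2",
    # All three stages, but spread over more than WINDOW: chain is stale.
    "<4>Mar 14 10:00:00 fw01 kernel: DROP IN=eth0 SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP DPT=22",
    "<38>Mar 14 10:20:00 web02 sshd[5100]: Failed password for root from 198.51.100.200 port 1 ssh2",
    "<38>Mar 14 10:21:00 web02 sshd[5101]: Accepted password for root from 198.51.100.200 port 2 ssh2",
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(f"ALERT {alert['src']} via {alert['hosts']} "
              f"{alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S}")
```

The correlation key here is the source address; a real engine would also normalize fields across vendors, key on user and asset, and keep per-source state with expiry rather than rescanning history on every run. The window and the ordering requirement are what suppress the two single-stage sources and the stale chain; loosen either and the false positives the paragraph above talks about come back.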