The SIEM, or security information and event management console, has been a staple for security teams for more than a decade. It’s the single pane of glass that shows events, alerts, logs, and other information that can be used to find a breach. Despite its near ubiquity, I’ve long been a SIEM critic and believe the tool is long past its prime. This is certainly not the consensus; I’ve been criticized in the past for taking this stance.
The proof point I offer is that whenever a breach occurs, the SIEM vendor claims to have seen it, yet the breach happened anyway. That was the case with many big-name businesses that suffered a newsworthy cyberattack. Target, Sony, and many others all echoed the same: the SIEM saw it, but the security team missed it. If SIEMs are so powerful, why does this continue to happen?
The answer is that SIEMs can no longer