惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cisco Talos Blog
Cisco Talos Blog
V
V2EX
C
Check Point Blog
GbyAI
GbyAI
D
Docker
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
B
Blog RSS Feed
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
Netflix TechBlog - Medium
T
Troy Hunt's Blog
博客园 - Franky
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Security Blog
Microsoft Security Blog
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学
The Cloudflare Blog
S
SegmentFault 最新的问题
Latest news
Latest news
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
I
InfoQ
博客园 - 【当耐特】
NISL@THU
NISL@THU
A
About on SuperTechFans
T
Tailwind CSS Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Scott Helme
Scott Helme
雷峰网
雷峰网
C
CXSECURITY Database RSS Feed - CXSecurity.com
Security Latest
Security Latest
V
Vulnerabilities – Threatpost
Security Archives - TechRepublic
Security Archives - TechRepublic
A
Arctic Wolf
Hacker News: Ask HN
Hacker News: Ask HN
N
News and Events Feed by Topic
IT之家
IT之家
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
SecWiki News
SecWiki News
大猫的无限游戏
大猫的无限游戏
S
Security Affairs
The Register - Security
The Register - Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
L
LINUX DO - 热门话题
T
Tor Project blog

SECURITY.COM

Daxin Returns: Stealthy Malware Resurfaces in Taiwan Alongside a New Backdoor The Detection Gap: MITRE ATT&CK T1140 and T1105 Humble Brag: Symantec® Data Center Security Achieves Common Criteria Certification GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses Tips to Harden Your Air Gapped Environments The Visibility Challenge Nobody Asked For AV-TEST Gives Symantec® Endpoint Security Complete a Perfect Score The BYOVD Epidemic: How Attackers Are Weaponizing Trusted Windows Drivers to Kill Security 🎙️SECURITY.COM The Podcast: The Parasite in the Machine: Unmasking the Speagle Infostealer Your DLP Incident Backlog Owes You Closure Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker 5 Reasons Symantec® CBX Delivers Total Endpoint Visibility 8 XDR Questions From the Show Floor Another Year, Another Win: SE Labs® Recognizes Symantec® Endpoint Security Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden Locking Down the Server 🎙️SECURITY.COM The Podcast: The Death of SIEM Threats Rise on a Tide of Global Unrest When Nation-States Stop Caring About Size Espionage Campaign Targeted Stock Exchange Executive for Five Months Data Security Is Having A Moment 5 Ways XDR Helps SOCs Act Faster 🎙️SECURITY.COM The Podcast: The Evolution of Cybersecurity PR with W2 Communications The Maximalism Trap: When More Becomes Too Much Symantec DLP Cloud and DPSM are the Power Couple Security Strategists Need Symantec DLP Cloud and DSPM are the Power Couple Security Strategists Need The Future of the Partnership: AI, Automation, and Ecosystems Fast16: Pre-Stuxnet Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations 🎙️SECURITY.COM The Podcast: Iran’s Cyber Warfare Playbook: What Defenders Need to Know Right Now 5 Ways To Keep AI in Check Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign Doing More with Less: How Government Agencies are Rethinking Cybersecurity Navigating Compliance and Insurance as a Competitive Edge Every Defender Deserves Frontier AI The New Partner-Vendor Relationship DLP Made Easier on the Teams Running It The EU Digital Wallet: Why Waiting is Not an Option Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft Stopping Data Leaks at the Speed of AI Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor How AI Increases the Load on Security Teams Web Traffic Visibility is the New Non-Negotiable The Agentic AI Tsunami is Here: Is Your Legacy IAM Sinking or Swimming? Technical Enablement vs. Marketing Noise Enterprise-Grade Security for All in 2026 Architecting for Margin Beyond the Initial Sale 🎙️SECURITY.COM The Podcast: A Brief History of Data Loss Prevention Symantec CBX Through the Paparazzi Lens The U.S. Navy’s Playbook for Cost-Controlled, Reliable Cybersecurity The Modern Threat Landscape and The Partner’s New Burden Symantec CBX Rocked RSAC 2026 Conference For Financial Services, a Wake-Up Call for Reclaiming IAM Control The Next Identity Shift Cyber Legends: Behind the Scenes of CBX Built for This Moment (and All Those to Come)
Is SIEM Trying to Do Too Much?
About the AuthorBruce DeakyneSenior Product Line Manager, Enterp · 2026-05-04 · via SECURITY.COM
  • Despite its utility, SIEM experienced an environmental mismatch as applications proliferated at a never-before-seen rate.
  • The challenge of normalizing a thousand different applications overwhelmed users who wanted a more out-of-the-box experience.
  • In 2026, XDR continues to evolve as the security landscape moves toward meaningfully integrated platforms that offer prioritized AI-powered threat intelligence.

At first it was tempting to give this blog a clickbait title like “Why SIEM Failed.” The problem is, it didn’t. From the outset, SIEM held great promise—and it delivered. In an over-burdened security world plagued by complexity, SIEM solved many problems. It offered consolidated intelligence from multiple sources in a mineable data lake on a single pane with automated compliance reporting, and the promise of cross detection surface detection and response. SIEM achieved near universal appeal by addressing annoyances and productivity eroders like window fatigue. 

However, as applications proliferated, SIEM started to feel unwieldy. It demanded increased budget, time, and additional headcount to manage the complex task of normalizing diverse security data from hundreds of sources. What used to be an answer to tool sprawl became somewhat of a sprawling tool itself. 

So, given SIEM’s ongoing relevance, let’s ask a more nuanced question: Why did SIEM fail to deliver effective cross security domain detection and response? In other words, why did the XDR market need to emerge when SIEM essentially promised to solve the same problems two decades earlier? 

Why SIEM’s unified cloud security is no match for consumer demands

SIEM’s vendor agnostic capabilities had significant promise when organizations had a few key security tools that mostly supported standards such as CEF and LEEF. However, they just couldn’t keep pace with proliferating cloud applications and burgeoning tech stacks lacking standardization.

Normalizing cloud services requires an expert understanding of the relationships between disparate data sources and how the larger product leverages them. A SIEM might be able to make logins to AWS, GCP, and Azure all look the same. But AWS has over 200 services. Is it realistic to make GCP Cloud Build look like AWS CodeBuild and Azure DevOps? Even if present-day normalization and correlation rules work, can teams keep up with the pace of innovation of every product, especially in the age of AI development?

This new challenge strained an already complex problem space. Normalization required increasing headcount, driving up cost. Meanwhile, new hires often lacked experience to assess value in context, driving up time spent in training. Many orgs responded to the increased workload by outsourcing this work to control costs, risking errors by atomic teams lacking deep security expertise.In other words, achieving normalization while maintaining security knowledge proved difficult.

It’s easy to see how hundreds of non-standardized applications called for subject matter expertise, time, and money that exceeded organizational capacity. As one example, Splunk’s shift from a vast data lake to a more targeted data mining resource required increased manual normalization and hands-on correlation by developers and end users. This burdened consumers seeking a more plug and play solution. 

Going forward, LLMs will no doubt assist in the battle to normalize and correlate the next wave of AI-powered application growth. However, most organizations will be slow to build trust, since even a single hallucination could drown a SOC in false positives—or, even worse—lead them to miss a critical signal and let an attacker gain ground.

The road to XDR

In the 2010s, cost constraints shifted industries away from collecting vast amounts of data and toward a greater focus on endpoints as a key security control point. In response, Carbon Black pioneered Endpoint Detection and Response (EDR). Throughout piloting and testing EDR, Carbon Black developed expertise informed by close partnerships with SIEM providers, pinpointing existing weaknesses and tailoring EDR to meet the needs of the changing industry. 

Since EDR is the foundation of effective cross-detection surface analytics, customers clamored to get this data into their SIEMs, often running into scale and cost limitations. Carbon Black’s industry leading Data Forwarder and custom filters enabled customers to target specific use cases to meet their budgets. But that forced hard choices and ultimately fogged up the single pane of glass SIEM once promised.

The threat landscape kept evolving, however, and organizations found they needed more rapid threat response fueled by data convergence through a streamlined and prioritized lens. Thus Extended Detection and Response (XDR) was born. As the Forrester Wave identified, XDR reflects an industry-wide security team shift toward “platforms that converge data from network, identity, endpoint, application, and other security-relevant sources to generate high-fidelity behavioral alerts and facilitate rapid incident analysis, investigation and response.”  

XDR offered integrated data from endpoints, networks, and the cloud for a holistic view of the threat landscape. Notably, XDR signaled a general rejection of siloed expertise and tools in favor of more centralized, correlated data and intelligence. Its focus is its strength.

While XDR improves on traditional SIEM, it is not the deus ex machina security practitioners have been awaiting. XDR is still in transition—emergent, but not entirely ready to take on the challenges of the developing threat landscape and complex use cases. At least, not until now.

XDR evolves to do more with less

Broadcom’s Symantec and Carbon Black are collaborating to create offerings that move XDR in the right direction. Single agent security takes one big step forward on the path of streamlined, sum-greater-than-parts security that is easy to use, cutting down on the need for costly hiring and training and the inevitable missteps as less experienced security analysts are onboarded.

The two brands have worked alongside each other to integrate with SIEM systems, and now they are united in evolving XDR. 

What drives that evolution matters. Forrester’s recent report emphasizes that products must evolve to survive current client demands in a changing threat landscape, and not the other way around. In other words, this change is not a vendor-driven attempt to come up with “the next big thing,” but a change driven by a need that is arising organically—if AI can be called organic—in a threat space that’s changing tactics at machine-speed

In the 2026 threat space the work is far from done. Any vendor who tells you otherwise is bending the truth. New security developments are points on an evolutionary timeline, with more, likely unceasing, change expected. So, why adopt new products if further change is still likely? For one thing, you can’t afford to sit on the sidelines and wait until a perfect, finalized product appears. Change is simply happening too fast. Waiting means falling behind and making yourself very vulnerable to big threats. This is, perhaps, especially true for  cash-strapped teams who are now facing enterprise-grade threats with mom-and-pop style SOC. Inertia is not an option. 

Symantec CBX: Meeting the market where it lives

For security teams seeking a better solution, the wait is over. Broadcom recently announced Symantec CBX, a cloud-based platform that combines the best Symantec and Carbon Black technologies in one intuitive solution. Symantec CBX puts industry-leading capabilities into the hands of the largest segment of the cybersecurity market: organizations whose security needs keep escalating in an AI-driven threat landscape, even as their resources remain stagnant.

For the first time, budget-limited security teams will have access to premium protections that were previously priced and configured beyond their reach, from Secure Web Gateway (SWG) filtering to world-class data security capabilities. Tying it all together is a groundbreaking ability to correlate incident signals across endpoints, networks, and data, turning noise into insight and driving down the costs of operating and maintaining SIEM platforms. 

Security teams need to know what’s happening in their environments, and CBX delivers that visibility. No more security through obscurity for them.

AI in the future of security

Machine Learning (ML) and agentic AI reshape the threat landscape daily. There’s no going back. Instead, Carbon Black and Symantec are focused on staying future-ready and even getting ahead of what’s ahead. Rather than trying to outrun AI or minimize its impact, they are embracing it. Building off of decades of AI development and use, they are evolving solutions that leverage AI to increase visibility, lower the cost of data storage and interpretation, and reduce analyst workload and alert fatigue.

We call it deploying AI to make life easier for humans at the helm. Symantec CBX is filled with AI-enabled protections that prevent living off the land (LOTL) attackspredict attackers’ next four to five moves, and enable analysts of any level of expertise to dynamically and visually explore attack chains. These features mean even the most cash-strapped teams can harness the same capabilities as their much better-resourced counterparts. CBX is a game-changer, and it shows how AI is shaping the way all organizations can battle sophisticated threats at scale.

AI enhances XDR for a “just right” solution

AI’s ease of use offers obvious value to attackers, with Large Language Models (LLMs) introducing critical cybersecurity risks like theft and data poisoning, as well as supercharging attacker capabilities enough to turn even a beginner-level reel caster into a master phisherman. LLMs have the potential to leak sensitive data or generate malware. But, in the hands of the good guys they can speed up detection and defense.

Notably, AI renders platforms generalist-friendly, an important feature in a field that is moving away from the expense of siloed expertise. That’s why platforms that integrate and leverage machine learning cut alert fatigue by prioritizing threats and offering time-saving summaries like the ones delivered by Symantec Endpoint Security-CompleteCarbon Black Threat Tracer—and now, Symantec CBX.

AI used right shows potential to result in better-interpreted cross-domain visibility, lower data costs, and reduced analyst workload. 

Check out SECURITY.COM The Podcast and listen in as host Dan Mellinger and guest Nate Fitzgerald, head of product management for Broadcom’s Enterprise Security Group, offer an entertaining deep dive into how platformization is reshaping the future of cybersecurity.

You might also enjoy

Is SIEM Trying to Do Too Much?

Bruce Deakyne

Bruce Deakyne

Senior Product Line Manager, Enterprise Security Group, Broadcom