SIEMs have been deployed in security operations centers (SOCs) for 15 years. The technology was created to take in data and events from security sources, usually at the perimeter of the network, and bubble up the critical events that required action. But times—and security technologies—have changed, and the demands placed on SIEMs have changed with them. The perimeter has disappeared as services and infrastructure have moved to hybrid-cloud and multi-cloud environments, and as users have moved to mobile devices and work-from-home scenarios.
Organizations of all types and sizes need to protect more attack surfaces than ever before, in a more connected world, with more data being generated than at any time in history. And the stakes have never been higher. The spoils for attackers have increased dramatically, leading to an exponential increase in the number and sophistication of adversaries. For these reasons, in the last few years, a new type of SIEM has emerged: the next-gen SIEM.