Briefing Summary

  • The first SIEM solutions (SIEM 1.0) had many limitations, including a narrow focus on security and data reduction; limited forensics and contextualization; unfulfilled promises on correlation; and high cost.
  • Many organizations with a SIEM are not realizing its full value, as SIEM is often used for compliance but not much else.
  • Collecting application logs is increasingly important but can be difficult; various approaches to getting at these logs can be tried.
  • SIEMs must support the work of analysts through filtering and visualization tools as well as through automation.
  • SIEM 2.0 will provide better environmental awareness (which includes network, host, and data awareness) and superior forensics capabilities, and will be deployable incrementally.


SIEM 2.0: Integrating Five Key Requirements Missing in 1st Gen Solutions

Summary of the IANS interview with Chris Petersen.
©2011 LogRhythm    All Rights Reserved.