When you think of security analytics and operations, one technology tends to come to mind – security information and event management (SIEM). SIEM technology was around when I started focusing on cybersecurity in 2002 (think eSecurity, Intellitactics, NetForensics, etc.) and remains the primary security operations platform today. Vendors in this space today include AlienVault (AT&T), IBM (QRadar), LogRhythm, McAfee, and Splunk.
SIEM has greatly improved over the last 16 years, but the underlying architecture remains similar.