Black Hat 2024: SIEMs Evolving to Multi-Purpose Data Management Platforms

As the market for security incident and event management (SIEM) platforms has matured, customers want more — namely, platforms that are faster and smarter. And that's driving lots of vendor consolidation in the space, but also new ways of thinking about SIEMs, according to Rakesh Nair, senior VP of product and engineering for Devo, in recent comments to the Dark Reading News Desk during Black Hat USA.

"One of the trends that I'm seeing recently is around data convergence — a lot of customers are now trying to not just bring security data into a unified data platform, but also other datasets," Nair says. Customers want all their data in one place in order to build vertical applications to either security or other related functions, he adds.

Some view this evolution as the merging of SIEM and security orchestration and response (SOAR) functions, heretofore held as competitive and complementary technologies. And Nair says the advent of AI is imbuing both SIEM and SOAR platforms with greater intelligence and processing power, which also hastens the evolution of both platform types.

"Data orchestration customers want to control how they manage the data," Nair explains. They want more flexibility and the ability to repurpose data as needed, especially for AI-related applications. Nair said he noticed a lot of companies using AI as the core philosophy of their product at last year's Black Hat. "I think the right model here would be to infuse AI into everything we do. Every layer we do becomes more smarter," he says.

Rakesh Nair is the senior VP of engineering and product at Devo, where he oversees the company's research and development efforts. With over 25 years of experience in cybersecurity, Rakesh brings a wealth of expertise to his role. He was the co-founder and CEO of Kognos, an autonomous cyber threat hunting platform that Devo acquired in 2022.