"I think SIEM is a starting point for security analytics, but only a starting point," says Ed Bellis, CEO of Risk I/O.
Part of the difficulty with SIEM has been the growing volume of security "noise" and the complexity of the systems feeding into it.
"SIEMs weren't originally designed to consume much more than syslog or netflow information with a few exceptions around configuration or vulnerability assessment," he says. "Security analytics is more than just big data, it's also diverse data. This causes serious technical architectural limitations that aren't easy to overcome with just SIEM."
For example, SIEM can't account for data sources like financial data that could help with fraud detection, human resource information, metadata about the business, or sentiment data from sources like social media. These kinds of sources, external to security, can prove crucial in pinpointing business risks that require contextual clues to spot.
"Security analytics needs to include big picture thinking -- integration of the meanings and interactions of signals, not just the raw reduction of streams of events," says Mike Lloyd, CTO of RedSeal Networks.