
Over the past decade, SIEM (Security Information and Event Management) has been a foundational tool in enterprise cybersecurity. Designed to collect logs from across the IT stack, flag anomalies, and support investigations, SIEM systems have long played a critical role in helping security teams detect and respond to threats. But what these tools were built for and what defenders face today are two very different realities.
A new report from Sumo Logic shows that as security leaders rethink their SIEM strategies in 2025, they are placing greater emphasis on AI capabilities, automation, and cloud-native flexibility. In a survey of more than 500 IT and security professionals, 70% of respondents said that AI now plays a key role in how confident they feel about their current SIEM solution.
Among those actively evaluating new tools, 90% said that AI capabilities are extremely or very important in their decision to adopt a new security platform, whether that is a next-generation SIEM or an alternative approach.
Companies are rethinking their SIEM strategies because they face converging pressures: AI-accelerated attacks, sprawling cloud telemetry that overwhelms analysts, and budget cuts that limit their ability to respond quickly and scale defenses effectively. On one side, attackers are using AI to automate phishing and adapt their tactics faster than defenders can react. On the other, security teams are struggling to keep up with the volume of telemetry pouring in from dispersed systems, all while trying to maintain compliance and reduce response times.
“Security teams today are balancing fast-changing threats, growing data volumes, and increasing demands for operational efficiency,” said Chas Clawson, Security CTO at Sumo Logic.
“Our research confirms that even organizations confident in their current solutions’ adaptability are exploring new options, prioritizing AI-powered, cloud-native solutions that unify detection, automation, and context. It marks a shift towards Intelligent Security Operations, where AI enhances visibility and accelerates response, with the ultimate goal of shrinking resolution time to near zero.”
AI already appears to be paying off. Among respondents already using AI-enabled playbooks, 34% reported reduced average incident response times. AI helped with pre-filtering noise, enriching alerts with contextual data, and launching remediation steps sooner. This means that by the time human analysts engage, much of the groundwork is already done.
Many security leaders (84%) are now looking for SIEM tools that come with built-in automation, often referred to as SOAR (Security Orchestration, Automation and Response). This capability speeds up incident triage and response by handling routine steps automatically. It reduces the burden on analysts and improves resolution times when threats emerge.
Beyond the appeal of new features, many buyers are losing patience with what they already have. In the survey, half of security leaders said their legacy SIEM fails to integrate cleanly with the rest of the stack, and 95% of respondents exploring alternatives pointed to vendor lock-in as one of the biggest roadblocks.
According to the Sumo Logic report, 75% of security leaders who say they are “very confident” in their current SIEM’s ability to evolve are still actively evaluating alternatives. This shows that current performance is not the only concern: companies are also looking ahead to ensure their systems will be able to handle what comes down the road, in terms of both threats and technology shifts.
With the sheer volume of telemetry generated by cloud environments, security systems are under pressure, and one way they respond is by issuing more notifications. But 70% of respondents say they struggle with alert fatigue and false positives.
To address this, more organizations are adopting AI that goes beyond detection. The Sumo Logic report points to a shift toward assistive systems that help analysts investigate issues by surfacing context and recommending actions. The longer-term goal is even more ambitious: building platforms that can learn from an organization’s environment and adapt responses in real time.
This vision aligns with what Sumo Logic’s Chas Clawson described as the move toward Intelligent Security Operations. Rather than relying on patched legacy tools or expanding teams just to keep up, leading organizations are leaning into automation and AI-guided investigations to close the gap between threat detection and response.
In this model, SIEM is no longer just a place to store logs. It is becoming a real-time system that cuts through the noise, brings the right alerts to the surface, and kicks off the right response when it is needed most.
While the use of AI agents in security roles seems inevitable, a recent SailPoint report highlights the risks of moving too fast without proper oversight. The study found that many organizations deploying AI agents have already experienced unintended behaviors such as unauthorized access and data leakage, often due to limited visibility and weak governance. It is a sharp reminder that as AI takes on more responsibility, it must also be subject to the same identity controls and accountability as human users.
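The playbook steps described above (pre-filtering noise and duplicates, enriching alerts with asset and threat-intel context, recommending an action, and kicking off remediation), together with the point that automated agents must act under governed identities, worked through as an added example. This is not code from the Sumo Logic report or any product it describes; the "AI" is replaced by plain rules so each step is visible. The sample alerts, context tables, scoring weights, identity name and action allowlist are all constructed assumptions.

```python
"""Rule-based stand-in for an automated SOAR-style triage playbook.

Pipeline: prefilter (drop known noise, collapse duplicates) -> enrich
(asset criticality, threat intel, priority score) -> recommend an action
-> execute it only if the playbook's non-human identity is allowed to.
Everything below is constructed sample data, not output of a real SIEM.
"""

# Constructed alerts, loosely shaped like normalized SIEM events.
SAMPLE_ALERTS = [
    {"id": "a1", "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "host": "web-01", "user": "root", "count": 120},
    {"id": "a2", "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "host": "web-01", "user": "root", "count": 95},  # duplicate of a1
    {"id": "a3", "rule": "port_scan", "src_ip": "10.0.5.20", "host": "db-01", "user": None, "count": 400},  # authorized scanner
    {"id": "a4", "rule": "new_admin_user", "src_ip": "198.51.100.9", "host": "dc-01", "user": "svc_backup", "count": 1},
    {"id": "a5", "rule": "port_scan", "src_ip": "203.0.113.50", "host": "web-02", "user": None, "count": 30},
]

# Constructed context tables (assumed; a real deployment would pull these from a CMDB and a TI feed).
ASSET_CRITICALITY = {"web-01": "medium", "web-02": "medium", "db-01": "high", "dc-01": "critical"}
KNOWN_SCANNERS = {"10.0.5.20"}  # internal vulnerability scanner whose port scans are expected
THREAT_INTEL = {"203.0.113.7": "known_bruteforce_source"}

# Assumed scoring weights: detection rule base score plus a bonus for the targeted asset.
RULE_BASE_SCORE = {"brute_force_ssh": 40, "port_scan": 20, "new_admin_user": 60}
CRITICALITY_BONUS = {"low": 0, "medium": 10, "high": 25, "critical": 40}

# The playbook runs under a named non-human identity with an explicit action allowlist
# (assumed names). Host isolation and account changes are deliberately not granted.
PLAYBOOK_IDENTITY = "soar-playbook-triage"
ALLOWED_ACTIONS = {PLAYBOOK_IDENTITY: {"block_ip", "open_ticket"}}


def prefilter(alerts):
    """Drop port scans from authorized scanners and collapse duplicates on (rule, src_ip, host, user)."""
    kept, seen = [], set()
    for alert in alerts:
        if alert["rule"] == "port_scan" and alert["src_ip"] in KNOWN_SCANNERS:
            continue
        key = (alert["rule"], alert["src_ip"], alert["host"], alert["user"])
        if key in seen:
            continue
        seen.add(key)
        kept.append(alert)
    return kept


def enrich(alert):
    """Attach asset criticality and threat-intel context, then compute a priority score."""
    criticality = ASSET_CRITICALITY.get(alert["host"], "low")
    intel = THREAT_INTEL.get(alert["src_ip"])
    score = RULE_BASE_SCORE.get(alert["rule"], 10) + CRITICALITY_BONUS[criticality]
    if intel:
        score += 20
    return {**alert, "asset_criticality": criticality, "threat_intel": intel, "score": score}


def recommend(alert):
    """Map an enriched alert to a recommended action; the highest-impact one is host isolation."""
    if alert["score"] >= 80 and alert["rule"] == "new_admin_user":
        return "isolate_host"
    if alert["score"] >= 60:
        return "block_ip"
    return "open_ticket"


def execute(action, alert, identity=PLAYBOOK_IDENTITY):
    """Run an action only if it is in the identity's allowlist; otherwise refuse and escalate to a human."""
    allowed = action in ALLOWED_ACTIONS.get(identity, set())
    return {
        "alert": alert["id"],
        "action": action,
        "by": identity,
        "status": "done" if allowed else "refused_out_of_scope",
        "escalate": not allowed,
    }


def run_playbook(alerts):
    """Full pipeline over a batch of alerts; returns an audit log, one entry per surviving alert."""
    return [execute(recommend(enriched), enriched) for enriched in map(enrich, prefilter(alerts))]


if __name__ == "__main__":
    for entry in run_playbook(SAMPLE_ALERTS):
        print(entry)
```

On the constructed input, five alerts collapse to three: the duplicate brute-force alert and the authorized scanner's port scan never reach an analyst, the brute-force source is blocked automatically, the low-score external scan becomes a ticket, and the new admin account on the domain controller is scored highest but the playbook's identity is not allowed to isolate hosts, so the action is refused, logged under that identity, and escalated. That refusal is the identity-governance check the SailPoint finding argues for: the agent is as constrained and as accountable as a human operator would be.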