SIEM, AV, EDR, XDR, NIDS, HIDS - An argument for focusing more on the features we need, and less on the ever changing & widely varying tool categories.

I saw a discussion this morning titled “Is SIEM dying off?” (arguing that XDR can fulfill the need). For a brief moment, I put on my angry face and started typing my disagreement.

But then I realized: I don’t actually care about the SIEM. The product category doesn’t matter. I care about features.

* I need sensors (endpoint & network).
* I need to be able interrupt activity observed by those sensors.

As an analyst:

* I need to send …

amp argument cybersecurity edr features hids siem tool xdr