Security information and event management software (SIEM) products have been an enduring part of enterprise software ever since the category was created back in 2005 by a couple of Gartner analysts. It is an umbrella term that defines a way to manage the deluge of event log data to help monitor an enterprise’s security posture and be an early warning of compromised or misbehaving applications. It grew out of a culture of log management tools that have been around for decades, reworked to focus on security situations. Modern SIEM products combine both on-premises and cloud log and access data along with using various API queries to help investigate security events and drive automated mitigation and incident response.

For CSOonline, I examined some of the issues for potential buyers of these tools and point out some of the major issues to differentiate them. This adds to a collection of other buyers guides of major security product categories:

• SOAR
• CNAPP
• CASB
• EDR
• IPS/IDS

The class of products called SOAR, for Security Orchestration, Automation and Response, has undergone a major transformation in the past few years. Features in each of the four words in its description that were once exclusive to SOAR have bled into other tools. For example, responses can be found now in endpoint detection and response tools. Orchestration is now a joint effort with SIEM tools. Many of these features are now found in managed security products that go by other names, such as threat and incident response or cloud security posture management (CSPM). And many of the SOAR tools are no longer just focused on security but have expanded to cover the wider context of how an enterprise infrastructure operates.

In this review for CSOonline, I cover some of the major issues for enterprises that are looking for a SOAR tool and briefly mention 11 vendors (out of dozens that offer such products). Be warned that these products are pricey, and finding true price transparency is almost impossible without engaging the vendors’ sales teams.

An intrusion detection or prevention system can mean the difference between a safe network and a nasty breach. We’ve rounded up some of the best and most popular IDS/IPS products on the market.

Detecting and preventing network intrusions used to be the bread and butter of IT security. But over the past few years, analysts and defenders have seen a slow but steady transition from these products. They have become a component of a broader spectrum of network defensive tools, such as security information and event management (SIEM) systems, security orchestration and response (SOAR) and endpoint and network management and detection systems.

For CSO, I examined the top six commercial tools and four open source ones, explain the different approaches and form factors used, and compare how intrusion prevention fits into the overall security marketplace.

Widespread adoption of generative AI across businesses has increased the need for contingencies, including AI security software. It is a tall order because AI’s reach into an organization’s infrastructure and data is enormous, meaning that there is a broad spectrum of protective measures required. This is one of the reasons why attackers are drawn to AI abuses.

I examined nine vendors’ tools that handle AI security posture management (AI-SPM). This is an emerging field and unfortunately that means most products are nowhere near as comprehensive or as integrated as they could be. You can read my buyer’s guide in CSOonline here. For your reference, here are a collection of AI SPM screenshots