For years, Symantec (now part of Broadcom) has been a sleeping giant in the SOC. While Splunk, QRadar, and Microsoft Sentinel dominate the conversation, Symantec offers a different beast: (formerly Blue Coat Security Analytics).
When security teams hear "Symantec," they typically think of endpoint protection (SEP) or web gateways (ProxySG). But what about Security Information and Event Management (SIEM)? For years, Symantec (now part of Broadcom) has
Final thought: If Broadcom invests in cloud scalability and log parsing, Symantec could dethrone the big players. But as of today, it remains the best "second SIEM" you'll ever buy. Do you run Symantec in your SOC? Have you migrated away? Share your experience in the comments. But what about Security Information and Event Management
(10/10 for packet forensics, 4/10 for cloud log management). Do you run Symantec in your SOC
In a modern SOC, you wouldn't replace your log aggregator with Symantec. Instead, you would use it as a next to your primary SIEM. Feed the alerts from Symantec into your main SIEM, but keep Symantec as the "video replay" system for deep investigation.
Is it a true SIEM? And more importantly, can it compete? Here is an operational evaluation of Symantec for SIEM. To understand Symantec’s SIEM, you must understand its heritage. It came from Blue Coat (acquired by Symantec in 2016, then absorbed by Broadcom).