In a modern SOC, you wouldn't replace your log aggregator with Symantec. Instead, you would use it as a next to your primary SIEM. Feed the alerts from Symantec into your main SIEM, but keep Symantec as the "video replay" system for deep investigation.
Symantec's role in a Security Operations Center (SOC) is evaluated based on its ability to feed and integrate with SIEM platforms: Symantec XDR: A Streamlined Approach to Enterprise Security In a modern SOC, you wouldn't replace your
Symantec's SIEM solution is a robust and comprehensive offering that provides organizations with advanced security monitoring, threat detection, and incident response capabilities. While it may have some complexities and costs associated with deployment and management, the benefits of the solution far outweigh the drawbacks. Overall, Symantec's SIEM solution is a strong contender in the security operations market, and organizations seeking to enhance their security posture should consider it. Symantec's role in a Security Operations Center (SOC)