SIEM was supposed to be the nerve center of every security operation — collect every log, correlate every event, surface every threat. Most organizations ended up with an expensive log warehouse that generates more noise than signal.

Recorded live from RSAC, Dan sits down with Justin Falck — Head of Product for Endpoint at the Enterprise Security Group at Broadcom — to break down where the SIEM model broke, why "magic correlation" never showed up, and what's actually replacing it in modern security operations.

In this episode:

• The original promise of SIEM and where the math fell apart
• How detection engineering became a budget black hole
• Why XDR and MDR are reshaping the SOC
• "Owning the blades" — vendor-native correlation vs. data-lake aggregation
• Where SIEM still works (and the team sizes it takes)
• A look at CBX, Carbon Black's XDR launch from RSAC

More at security.com. Subscribe, rate, and share with your fellow defenders.

Stay sharp, stay curious, stay human.