For years, Symantec (now part of Broadcom) has been a sleeping giant in the SOC. While Splunk, QRadar, and Microsoft Sentinel dominate the conversation, Symantec offers a different beast: (formerly Blue Coat Security Analytics).
In a modern SOC, you wouldn't replace your log aggregator with Symantec. Instead, you would use it as a next to your primary SIEM. Feed the alerts from Symantec into your main SIEM, but keep Symantec as the "video replay" system for deep investigation.
Do you run Symantec in your SOC? Have you migrated away? Share your experience in the comments.
Enterprise buyers evaluating Symantec's role in log management and event correlation must assess its platform integration capabilities, telemetry value, and architectural transition paths.