
2026 CISO priority: From log management to autonomous SOCs

by Allan Tan
February 25, 2026

Modern security information and event management (SIEM) platforms have become the cornerstone of security operations centres (SOCs) across Asia. Frost & Sullivan’s Modern SIEM Market, Global, 2024–2029 report forecasts that the global market will expand from US$7.13 billion in 2024 to US$13.55 billion by 2029, delivering a compound annual growth rate (CAGR) of 13.7%.

A SIEM analyses event data in real time for early detection of targeted attacks and data breaches, while also logging, storing, and reporting on data for forensics, incident response, and regulatory compliance. It aggregates, normalizes, and correlates log data from diverse security devices and applications to provide actionable insights.

Asia-Pacific (APAC) is forecast to record the strongest regional growth, propelled by rapid digital transformation, surging ransomware and state-sponsored attacks, and accelerating cloud adoption.

CISOs in Singapore, Tokyo, Mumbai, and Jakarta no longer view SIEMs as mere log aggregators. The SIEM has evolved into an intelligent, unified SOC platform that integrates user and entity behaviour analytics (UEBA), security orchestration, automation and response (SOAR), and generative AI (GenAI) capabilities.

Seonji Lee, industry analyst at Frost & Sullivan, captures the shift: “Modern SIEM is no longer a log management tool – it has become the foundation of next-generation SOC operations. Organisations are prioritising AI-driven automation, real-time analytics, and cloud-native scalability to manage rising data volumes, address cybersecurity skills shortages, and respond proactively to advanced and zero-day threats.”

Skills shortage: A force multiplier imperative

Across APAC, the talent crisis remains acute. Fortinet’s 2025 Cybersecurity Skills Gap Report notes that APAC organisations are most likely (76%) to say the skills shortage creates additional organisational risk—the highest rate globally.

With AI and cloud security topping the list of hardest-to-fill roles, SOC teams are stretched thin. SIEM analysts spend hours triaging alerts, while heads of SOC struggle to retain staff amid burnout and competing demands from digital transformation projects.

Fortinet’s country head for Singapore and Brunei, Jess Ng, explains that as cyber threats grow more sophisticated and increasingly AI-driven, organisations are being asked to improve security outcomes while operating with constrained talent pools.

Looking at the technology itself, she posits that SIEM platforms must evolve beyond traditional log aggregation and monitoring to become intelligent, AI-powered operational platforms within the modern SOC.

According to the Fortinet head, this means embedding AI-assisted and agentic capabilities into resilient, scalable architectures that reduce complexity while improving precision. She further posits that a next-generation SIEM should be able to autonomously form investigative hypotheses, execute contextual queries, enrich and correlate events, and prioritise alerts based on real risk.

“It should guide analysts through structured workflows with clear, actionable recommendations,” she adds.

“These agentic capabilities are not designed to replace analysts, but to augment them; acting as a force multiplier that enhances consistency, accelerates response times, and allows security teams to focus on higher-value decision-making.”

David Allott, Veeam’s APJ field CISO, echoes the automation imperative from a practical SOC standpoint: “SIEM vendors can help alleviate skills shortages by offering broad and seamless integration of automation and orchestration connectors to streamline incident response workflows and reduce manual efforts.

“Our research shows nearly 90% of ransomware attacks target backup repositories, and by leveraging Veeam bi-directional SIEM Apps, backup intelligence and TTP findings can be ingested into the SIEM (e.g., MS Sentinel or Palo Alto Cortex), offering SOC analysts advanced visibility, analytics, and playbooks to automate and accelerate threat detection and response.”

He further elaborates that SOC analysts can act on correlated alerts from within the SIEM to trigger automated backup actions and support forensics preservation efforts.

Navigating Asia’s fragmented regulatory landscape

Asia’s regulatory mosaic—spanning the PDPA in Singapore, China’s Cybersecurity Law, India’s DPDP Act, and Indonesia’s PDP Law—demands precise data handling practices.

CISOs must satisfy differing data residency rules, breach notification timelines and sector-specific mandates while maintaining unified visibility.

“Across Asia, organisations operate within a complex landscape of varying data residency requirements, breach notification timelines, sector-specific mandates, and differing levels of regulatory maturity,” comments Fortinet’s Ng.

She suggests one practical approach is to enable regional data segmentation with centralised visibility. “A modern SIEM platform should support configurable data storage models, granular role-based access controls, adaptable retention policies, and flexible reporting aligned to recognised regulatory frameworks,” suggests Ng.

She explains that this enables organisations to maintain unified security operations and consistent threat visibility, while implementing the governance and compliance controls required across diverse regulatory environments.

Allott suggests adding a compliance-automation angle: “SIEM solutions can be tailored for Asia’s diverse regulatory environments by offering automated framework compliance mapping and dashboards, such as those enabled by Veeam, to enforce region-specific controls and reporting requirements dynamically.

“SIEM solutions ingest data from Data Security Posture Management solutions (such as Securiti AI by Veeam), enabling integrated, real-time alerting and reporting on regulatory compliance and policy violations.

“This approach minimises manual compliance efforts, enables continuous automated assessment of data risk across the entire organisation, and ensures consistent alignment with local laws and industry standards,” expounds the CISO.

Cloud-native SIEM: The preferred architecture for APAC SOCs

Cloud-based SIEM deployments are dramatically outpacing on-premises solutions. Frost & Sullivan projects cloud SIEM revenue to grow at a 17.5% CAGR (2024–2029), compared with just 3.4% for on-premises SIEMs.

Subscription models and elastic scaling suit APAC’s hybrid and multi-cloud reality, where organisations juggle AWS, Azure, Alibaba Cloud and local providers. Heads of SOC report faster deployment, lower upfront capital expenditure and easier integration with XDR platforms.

The analyst, however, reminds us that challenges such as data sovereignty concerns, cross-border query latency, and the need for consistent policy enforcement across regions persist.

From alert fatigue to agentic insight

On the front line, SIEM analysts in 2026 welcome GenAI features such as natural language querying and automated investigation summaries. What once required hours of manual correlation now surfaces in minutes.

Still, analysts caution that poor model training or opaque AI decisions can erode trust. The most effective deployments combine agentic AI with human oversight—exactly the “force multiplier” Ng describes.

Persistent risks and operational realities

Despite progress, risks remain. Ransomware continues to target backups (nearly 90% per Veeam data), state-sponsored campaigns exploit regional geopolitics, and cloud misconfigurations multiply attack surfaces.

Understaffed SOCs risk delayed detection; regulatory fines for non-compliance can reach millions. CISOs in BFSI, government and manufacturing sectors cite the convergence of SIEM with XDR and managed services as essential to closing these gaps.

Path forward: Managed services and AI innovation

Frost & Sullivan identifies three growth opportunities: advancing AI and behavioural analytics, expanding managed SIEM/MSSP offerings, and scaling in high-growth regions like APAC.

Leading vendors are consolidating through acquisitions while emerging players focus on regional nuance and managed services—precisely what cash-strapped Asian organisations need.

In 2026, the modern SIEM conversation in Asia has shifted from “Do we need it?” to “How do we make it intelligent, compliant and autonomous?”

For CISOs, SOC leaders and analysts alike, the platforms that best embed agentic AI, seamless automation and regulatory flexibility will define resilience in an increasingly hostile threat landscape.

Tags: Fortinet, Frost & Sullivan, SIEM, SOAR, user and identity behaviour analytics, Veeam
Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous roles: He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
