It's Time to Rethink the Centralized SIEM Model

Vega's Eli Rozen on Why AI-Based Detection Systems Need a Modern Architecture Rahul Neel Mani (@rneelmani) • December 10, 2025

Threat detection systems have traditionally aggregated telemetry into a single repository, but that model can no longer keep pace with the scale, cost and diversity of enterprise security data, said Eli Rozen, co-founder and CTO at Vega.

See Also: A CISO’s Perspective on Scaling GenAI Securely

The physics of the data itself is working against legacy security information and event management systems. Enterprises relying on "monolithic SIEMs" are either forced to ingest data logs or leave them out altogether, weakening threat detection programs and hindering the ability to investigate incidents quickly, he said.

"You have to first solve the data piece," Rozen said. "AI is always as good as the data it can access -- and you cannot assume that all the data is going to be in one place ...