
History of SecOps and the evolving threat landscape


1999-2003: SIEM Emerges

  • 1999: Netforensics founded

  • 2000: ArcSight founded

  • 2001: Q1 Labs founded (QRadar)

  • 2003: ArcSight ESM launched - one of the first true SIEM platforms

  • Basic log aggregation and correlation

Threats:

  • Code Red, Nimda worms, SQL Slammer worm

  • Rise of organized cybercrime

  • Early botnets emerge

2004-2007: SIEM Market Consolidation

  • 2005: Gartner coins "Security Information and Event Management" officially

  • 2005: LogRhythm enters the market

  • 2006: RSA acquires Network Intelligence, maker of the enVision SIEM

  • 2007: AlienVault founded as the commercial entity behind OSSIM (open-source project since 2003)

  • Compliance drivers (SOX, PCI DSS) fuel SIEM adoption

Threats:

  • TJX breach, Zeus banking Trojan, Storm botnet

  • Early APT activity detected

2008-2010: The Rise of Advanced Persistent Threats

  • 2010: HP acquires ArcSight

  • SIEMs become enterprise standard

Frameworks:

  • c. 2010: MITRE's FMX research project begins, the internal work from which ATT&CK later grew

  • Kill Chain concept emerges from Lockheed Martin

Threats:

  • Operation Aurora (targeting Google, Adobe and others), Stuxnet discovered (first widely documented state-sponsored cyber weapon), APT1 (China) actively targeting Western companies

  • Wikileaks disclosures

2011-2013: APT Awakening and Framework Evolution

  • 2011: McAfee acquires NitroSecurity

  • 2011: IBM acquires Q1 Labs

  • 2012: Splunk enters SIEM market

  • 2012: Elasticsearch BV (later Elastic) founded around the open-source Elasticsearch project

  • 2013: MITRE ATT&CK created for internal use (public release follows in 2015)

  • Big Data technologies start influencing SIEM architecture

Frameworks:

  • 2011: Lockheed Martin publishes Cyber Kill Chain

  • 2013: MITRE creates ATT&CK to document adversary behaviour observed in the FMX research project; the Enterprise matrix is released publicly in May 2015

  • Structured approach to adversary tactics and techniques emerges

Threats:

  • Sony PlayStation Network breach (77M accounts), RSA SecurID breach, Target breach (POS malware), Mandiant APT1 report exposes Chinese state actors

  • Snowden revelations, CryptoLocker ransomware emerges

2014-2015: Nation-State & Ransomware Explosion

  • 2014: LogRhythm NextGen SIEM Platform released

  • 2014: ELK Stack (Elasticsearch, Logstash, Kibana) increasingly adopted for security log analytics

  • 2015: Elasticsearch Watcher (alerting) introduced

  • User and Entity Behavior Analytics (UEBA) enters market

  • Threat intelligence feeds become standard

Frameworks:

  • 2015: MITRE ATT&CK for Enterprise publicly released (May 2015)

  • Framework adoption begins in enterprise security programs

  • Detection-as-Code concepts emerge

Threats:

  • Sony Pictures hack (North Korea), JP Morgan Chase breach, Home Depot breach, OPM breach

  • Ransomware becomes epidemic (CryptoWall, TeslaCrypt)

2016-2017: Cloud Migration & Framework Maturity

  • 2016: Elastic acquires Prelert (ML capabilities)

  • 2017: Microsoft acquires Hexadite (SOAR capabilities)

  • 2016: X-Pack introduced with Elastic Stack 5.0, bundling the Shield security plugin as X-Pack Security

  • 2016: Chronicle begins incubation inside Alphabet's X (spun out as a company in 2018; Backstory platform launched 2019)

  • 2017: Securonix and Exabeam enter SIEM market

  • Cloud-native SIEM solutions emerge & Cloud First Architectures

  • SOAR platforms mature (Phantom, Demisto)

  • Machine Learning integration in SIEM

  • API-driven security orchestration

Frameworks:

  • 2017: MITRE releases PRE-ATT&CK and ATT&CK for Mobile (ATT&CK for ICS follows in January 2020)

  • 2017: MITRE ATT&CK adoption accelerates in SOCs

  • Detection engineering discipline formalized around ATT&CK

  • Threat hunting methodologies standardize on ATT&CK

Threats:

  • DNC hack (Russia - Fancy Bear), Mirai botnet (IoT devices), WannaCry ransomware, NotPetya (Russia), Equifax breach, CCleaner supply chain attack

2018-2019: EDR/XDR Era & ATT&CK Becomes Standard

  • 2018: Splunk acquires Phantom (SOAR)

  • 2019: Elastic SIEM app introduced with Elastic Stack 7.2

  • 2019: Elastic acquires Endgame (EDR)

  • 2019: Azure Sentinel launched (renamed Microsoft Sentinel in 2021)

  • XDR concept emerges (Extended Detection & Response)

  • EDR becomes standard requirement

Frameworks:

  • 2018: MITRE ATT&CK Navigator released; first ATT&CK Evaluations round (APT3 emulation) conducted

  • 2019: ATT&CK v6 adds the Cloud matrix (AWS, Azure, GCP, Office 365, Azure AD)

  • 2019: ATT&CK becomes the de facto common language for threat intelligence and detection coverage

  • MITRE ATT&CK Evaluations program (vendor testing against emulated adversaries) becomes a recurring fixture

  • Detection-as-Code and Sigma rules align with ATT&CK

Threats:

  • Marriott breach, Capital One breach, Baltimore ransomware attack, Ryuk, Sodinokibi ransomware families

  • Supply chain attacks increase

2020-2021: Pandemic-Driven Transformation

  • 2020: Elastic Security becomes free and open

  • 2021: Cloud-native SIEM dominates new deployments

  • Detection Engineering becomes formal discipline

  • MITRE ATT&CK framework standard in all major platforms

  • Zero Trust architecture mainstream

  • Cloud workload protection emerges

  • Remote work drives endpoint security focus

Frameworks:

  • 2020: ATT&CK for ICS released (January); ATT&CK v7 introduces sub-techniques (July); v8 merges PRE-ATT&CK into Enterprise and adds the Network platform (October)

  • 2021: MITRE D3FEND framework released (beta)

  • 2021: MITRE Engage released as successor to MITRE Shield (2020)

  • ATT&CK-aligned detection content becomes industry standard

  • NIST Cybersecurity Framework 1.1 widely adopted

Threats:

  • SolarWinds supply chain attack, FireEye tools stolen, Colonial Pipeline ransomware, Kaseya VSA supply chain ransomware, Microsoft Exchange ProxyLogon, Log4Shell vulnerability

  • Ransomware-as-a-Service (RaaS) peak

2022-2023: AI & Consolidation

  • 2022: Splunk announces AI-driven security

  • 2022: Elastic introduces AI Integrations

  • 2022: Chronicle Security Operations announced (rebranded Google Security Operations in 2024)

  • Generative AI enters security tools

  • Security Data Lakes gain traction

  • Large Language Models (LLMs) for security analysis

  • Automated detection engineering based on ATT&CK

Frameworks:

  • 2022: ATT&CK v12 adds Campaigns (October)

  • 2023: ATT&CK v13 (April) and v14 (October) released; the Containers matrix had already been added in v9 (April 2021)

  • 2023: ATT&CK integration in all major SIEM/XDR platforms

  • Frameworks drive automated detection engineering

  • NIST Cybersecurity Framework 2.0 published as a public draft (August 2023); final version released February 2024

Threats:

  • Russia-Ukraine cyber warfare, LastPass breach, MOVEit supply chain attack, Progress Software vulnerabilities exploited, ChatGPT used for phishing/malware

  • Increased state-sponsored activity (China, Russia, North Korea, Iran)

2024-now: AI-Powered Security & Framework-Driven Detection

  • 2024: Elastic Security 8.x expands the AI Assistant introduced in 8.8 (2023)

  • 2024: Microsoft Copilot for Security GA

  • 2024: Splunk AI capabilities expand

  • 2024: Google SecOps AI innovations

  • Autonomous SOC concepts emerge

  • AI/ML-driven threat detection standard

  • Automated investigation and response

  • Cloud-native architecture dominates

  • Attack surface management integration

  • Continuous Threat Exposure Management (CTEM)

  • ATT&CK-aligned detection engineering automated

Frameworks:

  • 2024: MITRE ATT&CK v15+ with continuous updates

  • ATT&CK-driven automation in detection engineering

  • Framework-based threat intelligence sharing standard

  • Integration of MITRE frameworks (ATT&CK, D3FEND, Engage) in platforms

Current Threat Landscape:

  • Multiple state-sponsored campaigns

  • Ransomware groups evolving tactics

  • Supply chain attacks growing more sophisticated

  • AI-generated phishing, deepfakes, exploits, detection rules

  • Cloud infrastructure targeted

  • Identity-focused attacks

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
