UPDATED 15:38 EDT / MARCH 30 2026

Sal Picheria, corporate vice president of security engineering at New York Life Insurance Co., and Mike Nichols, general manager of security at Elastic, talk to theCUBE about modernizing SIEM, the concept of the cyber data lake, and how hybrid search is replacing the "love-hate" relationship practitioners often have with legacy platforms.

Sub-second search and smarter scale: Why modern SIEM is being rebuilt from scratch

Security information and event management has become essential for enterprises trying to avoid a costly data swamp while preserving visibility across massive environments. Clearly, modernizing SIEM is now less a technical upgrade than a business imperative.

The pressure is on to turn sprawling telemetry into actionable intelligence without breaking the budget. The key to this evolution is building a robust foundation before addressing the analytics layer, according to Sal Picheria (pictured, right), corporate vice president of security engineering at New York Life Insurance Co. By focusing on a high-performance data engine first, teams can ensure their security tooling keeps pace with natural data growth.

“When we thought about our data journey at New York Life, we actually thought, ‘How can we find the most capable data platform to house our security data’ before we started thinking about the SIEM problem,” Picheria said. “We eventually landed on Elastic, mainly because it just wound up being a rock-solid, generic data engine for use in security. As we went down that road further, we wound up uncovering that Elastic actually has a great SIEM functionality as well. It made a lot of sense to approach it in that way. I like to describe this concept internally as we build the pyramid from the bottom up.”

Picheria and Mike Nichols (left), general manager of security at Elastic, spoke with Dave Vellante at the RSAC 2026 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed modernizing SIEM, the concept of the cyber data lake and how hybrid search is replacing the “love-hate” relationship practitioners often have with legacy platforms. (* Disclosure below.)

Scaling visibility by modernizing SIEM

By working with Elastic, New York Life is aiming to scale visibility across growing volumes of security data without letting costs spiral out of control. That matters because, in an agentic AI era, visibility is becoming the foundation of effective defense. By modernizing SIEM architectures to support sub-second query times, organizations are in a better position to retain, search and act on more of their security data — an advantage that becomes critical as threats accelerate, Nichols noted.

“Security doesn’t work without visibility,” Nichols said. “If we are predatory in how we make you choose what data to keep and what data to drop … when that data increases, if you can’t afford what you have today and you can’t search what you have today, there’s no way you can focus on tomorrow.”

By combining classic search with vectorized search, enterprises can tailor their response to specific risks instead of forcing every problem through the same lens. Just as important, that kind of flexibility can give organizations confidence that they are working with a partner capable of adapting alongside a fast-changing threat landscape, Nichols explained.

“The adversarial usage of AI has caused rampant challenges. The zero days. Microsoft Patch Tuesday — every single Patch Tuesday is record-breaking. We see the cost of exploits going down,” Nichols said. “That has really been the compelling event to [ask], ‘Am I partnering with somebody who’s going to lead forward to the future?’”

(* Disclosure: Elastic sponsored this segment of theCUBE. Neither Elastic nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
