From gbhackers.com
In earlier years, everyone depends on SOC (includes firewalls, WAF, SIEM,etc.) and the prioritize in building the SOC provides security and the CIA was maintained.
However, later the emerge of the attacks and the threat actors becomes more challenge and the existing SOC will not able to provide better security over the CIA. There are many reasons for the failure of the existing SOC, where it only depends on the SIEM.
Many organizations, believed integrating all the security devices like Firewall, Routers, AV and DB solutions in SIEM and the correlating the use cases will provide them 100% security over the CIA of the datas. However, it all fails, since the APT emerges.