Alert Fatigue: as the number of entities and types of attack increase, so does the number of alerts that a security analyst has to deal with. Being shown a thousand alerts that require investigation is not helpful to an analyst; it is demoralising.
MTTD/MTTR: this problem of scale also contributes to very long MTTD/MTTR.
Integration: a lack of integration with the many security point solutions means having to use many different tools to analyse issues.
Complexity: some of the leading SIEM solutions are far too complicated to use, and so only a small number of staff are getting value out of them. This leads to a poor RoI.
Cost: the costs only ever increase and eventually become punitive, forcing customers to look elsewhere.