We recently released the findings of the Security Information and Event Management (SIEM) study conducted by Cybersecurity Insights. The study surveyed over 345 IT and security executives and practitioners; 45% of respondents came from small and mid-sized firms with 999 or fewer employees, and the balance from enterprise organizations with 1,000 or more employees. The study provides insights into the trends, key challenges and solution preferences regarding continuous monitoring and SIEM solutions.
Some of the Top Findings from the SIEM Study include:
- Flexible Delivery Approaches Win Out with IT Security Teams
Organizations continue to utilize a range of deployment approaches for SIEM solutions, balancing requirements for hands-on control, operating expense funding, and staffing models. According to respondents, 54% have a SIEM that is deployed on-premises, with another 25% delivered as a service. Over 20% use a hybrid approach that combines on-premises deployment with an “as a service” model.
- SIEM Provides A Range of Security and Compliance Benefits
Twenty-three percent of those surveyed say faster detection and response is their top SIEM benefit. More efficient security operations takes the #2 spot, cited by 14% of respondents, and better visibility into threats is the #3 benefit. Tied for the #4 spot at 8% each are better prioritization of indicators of compromise (IoCs), a better compliance posture, and better threat analysis. The survey documented a high level of user satisfaction with SIEM solutions overall.
- SIEM Technology Effectively Detects Advanced Attacks
IT and security decision makers and practitioners recognize the role SIEM plays in detecting sophisticated and ever-evolving attacks. Survey respondents across a wide variety of verticals and organizational sizes consider SIEM most effective for (#1) detecting unauthorized access, (#2) identifying advanced persistent threats (APTs), and (#3) detecting insider attacks, whether intentional or the result of careless insiders. It’s worth noting that the EventTracker SIEM platform, coupled with the EventTracker SOC service, successfully detects and responds to these external and internal attack types.
- Staff Issues the Largest Challenge for SIEM
Study respondents outlined the biggest hurdles to maximizing the value of their SIEM platform. Forty percent stated that their most significant challenge is a lack of skilled and trained staff to operate the SIEM effectively. Another 34% said that having to manually create and refine rules was a challenge, and an identical share cited a lack of budget. It’s not surprising that staff and skills shortages are a challenge, given that there will be 3.5 million unfilled cybersecurity positions by 2021, according to research firm Cybersecurity Ventures.
- Nearly Half of SIEM Budgets are Rising
IT security budgets overall have been rising in recent years as organizations place increased focus on detecting and stopping threats and enhancing their overall risk posture. But businesses face a myriad of options to choose from regarding security products and services. While over 50% expect their SIEM budgets to remain unchanged, a significant 40% anticipate increases of up to 20% over the coming 12 months.
Key Recommendations for IT Security Executives and Practitioners:
Here are some practical recommendations to improve your network visibility, threat protection, and overall security operations.
Add Comprehensive Visibility to Protect Infrastructure, Assets, and Data
Over 30% of research respondents do not currently have SIEM security services that provide 24/7 visibility and correlation of actions with known threats. Many compliance mandates such as PCI DSS and best practice frameworks such as the SANS Top 20 recommend SIEM monitoring. While moving to a SIEM platform may seem daunting, our Zero to SOC paper outlines a practical and affordable way to achieve tailored protection that detects threats quickly without breaking the bank.
Revisit Your SIEM Performance and Organizational Fit
Onboarding a SIEM solution requires time, funding, expertise, and ongoing tuning; it is not a “set it and forget it” type of application. Some short-staffed firms find that the departure of their log monitoring analyst results in the platform being shelved or abandoned for lack of resources. If you have “shelfware” or find that your SIEM effectiveness is not where you’d like it to be, it’s time to rethink your approach. Co-managed SIEM solutions like EventTracker’s offer end users the control and joint policy implementation they require, along with the outside expertise and threat intelligence they lack.
Enhance Your Security Maturity Beyond the Compliance Checkbox
Compliance is often the initial trigger that prompts organizations to invest in SIEM monitoring. While meeting compliance mandates is essential, additional SIEM solution benefits include the ability to uncover threats proactively and take action quickly. SIEMs such as EventTracker SIEMphonic incorporate advanced threat protection such as intrusion detection, threat intelligence, and user behavior analytics. A SIEM enables organizations of all sizes to understand their risks fully, prioritize actions and make better and faster security decisions. Take a strategic top-down view of risk management and use SIEM visibility and reporting to guide efforts such as insider threat assessment.