Overcome These 3 Challenges to Achieve SIEM Success
Security Information and Event Management (SIEM) solutions can take much of the tedium and guesswork out of monitoring, managing, and prioritizing critical security events. That’s why increasing numbers of cybersecurity professionals are embracing SIEM.
In the 2022 SIEM Report from Cybersecurity Insiders, 80% of cybersecurity professionals consider SIEM to be very important or extremely important to their organization’s security posture — an increase of 6 percentage points from the 2021 survey. Likewise, 85% rate their SIEM solutions as effective in identifying and remediating threats, a 5 percentage point increase.
When asked about the biggest hurdles in maximizing the value of a SIEM platform, respondents pointed to lack of trained staff to operate a SIEM solution effectively (41%), too many false positives (37%), and lack of budget (34%).
Robust SIEM solutions can help organizations surmount these challenges, creating value in monitoring and alerting whose benefits far outweigh the costs of SIEM software. This blog addresses the three main hurdles and how to overcome each.
Lack of Skilled/Trained Staff to Operate Effectively
Hiring and retaining cybersecurity personnel was problematic even before the pandemic hit. But the Great Resignation drove home the point that companies of all sizes and in all industries continue to struggle with the issue of sufficient staff. Independent research shows nearly 600,000 job openings in the US for information security analysts or for jobs that require cybersecurity skills. On average, jobs in cybersecurity take 21% longer to fill than other positions in IT.
It’s no wonder, then, that companies express frustration in finding sufficiently trained staff to effectively operate SIEM solutions. A recent study from Gartner notes that IT executives see shortage of talent as the most significant barrier to the adoption of emerging technologies, with 64% expressing that sentiment, up from just 4% in 2020. That response far outstripped other responses such as implementation costs (28%) or potential security risks (8%).
At the same time, though, nearly 60% of IT executives said they were increasing technology spend in 2021, compared with 20% the previous year.
A SIEM solution makes monitoring easy by integrating servers, databases, networking devices, and custom data sources into a common format that security analysts can understand. Analysts don’t need specialized product knowledge of every technology in an environment to effectively manage alerts and events.
Too Many False Positives
If you subscribe to alerts from your favorite news source on your phone, how many of those alerts are truly newsworthy and how many leave you saying to yourself, “Huh?”
More than one-third of respondents to the 2022 SIEM Report mentioned too many false positives as a hurdle to SIEM adoption. Organizations report receiving more than 50 alerts a day from web applications and API security tools — returning a false positive rate of 45%, according to a recent study. Understandably, 90% of respondents say the high rate of false positives impacts the security team negatively.
When every security event carries the same weight, alerts become just more noise, which can leave analysts unattuned to emerging threats and organizations vulnerable to increasingly sophisticated cyberattacks.
A SIEM solution should aggregate alerts from the systems under review, presenting them on a single dashboard and prioritizing them based on criticality. Critical events are escalated to prompt immediate review, lessening alert fatigue and focusing analyst attention where it’s most needed, while an audit trail logs all alerts for future reference and processing. A SIEM solution should include alert filters to customize and fine-tune the data to meet the needs of your organization.
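The normalization into a common format described earlier and the prioritization, filtering, and audit trail described above can be sketched as follows. This is an added example, not code from the original post or from any SIEM product; the three input formats, the asset weights, the escalation threshold, and the sample events are all constructed assumptions.

```python
import json
import re

# Constructed sample events in three native formats (not real logs).
RAW = [
    ("syslog", "<34>Oct 11 22:14:15 db01 sshd[411]: Failed password for root from 203.0.113.9"),
    ("json", '{"time": "2022-10-11T22:14:20Z", "device": "fw01", "level": "info", "msg": "conn allowed 10.0.0.5:443"}'),
    ("kv", "ts=2022-10-11T22:15:02Z host=db01 sev=high event=privilege_grant user=app"),
    ("json", '{"time": "2022-10-11T22:16:00Z", "device": "web02", "level": "warning", "msg": "health check timeout"}'),
]
LEVELS = {"info": 1, "warning": 2, "high": 3, "critical": 4}
ASSET_WEIGHT = {"db01": 3, "fw01": 2, "web02": 1}  # assumed asset criticality
SYSLOG = re.compile(r"<(\d+)>(\w{3} +\d+ [\d:]+) (\S+) (.*)")

def normalize(fmt, raw):
    """Map one native record onto the common schema: ts, host, severity, message."""
    if fmt == "syslog":
        pri, ts, host, msg = SYSLOG.match(raw).groups()
        # syslog severity is PRI % 8 (0 = emergency .. 7 = debug); fold into 1..4
        sev = max(1, 4 - (int(pri) % 8) // 2)
        return {"ts": ts, "host": host, "severity": sev, "message": msg}
    if fmt == "json":
        d = json.loads(raw)
        return {"ts": d["time"], "host": d["device"], "severity": LEVELS[d["level"]], "message": d["msg"]}
    if fmt == "kv":
        d = dict(p.split("=", 1) for p in raw.split())
        return {"ts": d["ts"], "host": d["host"], "severity": LEVELS[d["sev"]], "message": d["event"]}
    raise ValueError(f"unknown format: {fmt}")

def triage(raw_events, suppress=(), escalate_at=6):
    """Return (escalated, audit). Every alert lands in audit, even if filtered."""
    audit, escalated = [], []
    for fmt, raw in raw_events:
        ev = normalize(fmt, raw)
        ev["score"] = ev["severity"] * ASSET_WEIGHT.get(ev["host"], 1)
        if any(s in ev["message"] for s in suppress):
            ev["disposition"] = "filtered"    # tuned out, but still auditable
        elif ev["score"] >= escalate_at:
            ev["disposition"] = "escalated"   # prompt immediate analyst review
            escalated.append(ev)
        else:
            ev["disposition"] = "logged"
        audit.append(ev)
    escalated.sort(key=lambda e: e["score"], reverse=True)
    return escalated, audit

ESCALATED, AUDIT = triage(RAW, suppress=("health check",))
```

Only the two events on the high-weight database host are escalated, while the suppressed health-check alert still appears in the audit trail with a `filtered` disposition.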
Lack of Budget
Security Information and Event Management solutions serve as frontline indicators of the health and safety of IT environments. Yet, 34% of respondents to the 2022 SIEM Report indicated lack of budget as a hurdle to SIEM adoption.
Those who have adopted SIEM platforms cite such benefits as more efficient security operations (21%), faster detection and response to security events (14%), and better visibility into threats (13%). In fact, 84% report that SIEM solutions help reduce security breaches.
The business case for SIEM starts with a reduced incidence of breaches and the cost avoidance associated with each. In 2021, the average cost of a data breach increased to $4.24 million, a 10% rise over the previous year and the highest cost ever recorded. If remote work was a factor in the breach, the cost rises to nearly $5 million. Breach costs could be significantly higher, depending on industry, with much higher costs for companies in financial services and healthcare, for example.
Breach costs include detection and remediation but can also encompass loss of revenue during/after the incident and loss of reputation among consumers that can last for many years.
Among those with SIEM solutions, 78% report detecting security events within hours, including 50% that are detected within minutes. Compare that to an average detection time of 287 days among breached companies, and the value of SIEM solutions becomes clear.
Find a SIEM Solution That Accomplishes Your Business Goals
Security Information and Event Management is a proven, effective IT security solution, monitoring your company’s security infrastructure and providing alerts when events occur to promote real-time threat reporting and compliance. As the number of security incidents and breaches continues to rise, it’s critical to evaluate SIEM options to find a solution that best fits the unique requirements of your business.
Get More Insight from the 2022 SIEM Report
Learn how cybersecurity professionals are using SIEM in their environments in the 2022 SIEM Report by Cybersecurity Insiders.