Cybersecurity Insiders 2020 SIEM Report

2020 SIEM Report

Text

Introduction

Security Information and Event Management (SIEM) is a powerful technology that allows security operations teams to collect, correlate and analyze log data from a variety of systems across the entire IT infrastructure stack to identify and report security threats and suspicious activity.

The 2020 SIEM Survey Report represents one of the most comprehensive surveys on SIEM to date, designed to explore the latest trends, key challenges, and solution preferences for SIEM.

Key findings include:

• 75% believe SIEM is very important to extremely important to their organization’s security posture.

• 82% rate the effectiveness of their SIEM positively.

• Top three benefits to SIEM are faster detection and response, better visibility, and more efficient security operations.

• 74% have seen a reduction in security breaches as a result of using SIEM.

Text

 Confidence In Overall Security Posture 

A majority of cybersecurity professionals (56%) feel, at best, only somewhat confident in their organization’s overall security posture.

Image
How confident are you in your organization's overall security posture?

 

 

Image
Confidence In Overall Security Posture Graphic

 

Text

 Importance of SIEM

Among the various security controls and technologies, SIEM plays a critical role in organizations’ security postures. For 75% of IT security professionals, SIEM is very to extremely important.

Image
How important is SIEM to your organization's security posture?

 

 

Image
75% Believe SIEM is very important to extremely important.

 

Text

 SIEM Use

Nearly seven out of 10 organizations in our survey already use SIEM platforms for security information and event management. Twenty-three percent are planning to implement SIEM in the future. Organizations that actively use SIEM technology report higher confidence in their overall security posture (53%) than organizations that do not use SIEM (44%).

Image
Does your organization actively use a SIEM platform or service?

 

 

Image
66% "YES, we use SIEM", 23% "No, but SIEM is planned in the future"

 

Text

 SIEM Delivery

The majority of SIEM deployments are still delivered on-premises (51%). However, hybrid deployments of SIEM with on-premises and service-based components are gaining momentum (25%). A four percent increase from last year’s report (21%).

Image
Is your SIEM planned/ delivered as a managed service or software on premises?

 

 

Image
51% On-premises, 24% Delivered as a service, 25% Hybrid

 

CTA Text

Learn why SIEM solutions have become integral to many organizations’ security portfolios.

READ THE BLOG

Text

 SIEM Effectiveness

A large majority (82%) rate the effectiveness of their SIEM positively in its ability to identify and remediate cyber threats.

Image
How would you rate your organization's effectiveness in using SIEM to identify and remediate cyber threats?

 

 

 

Image
82% rate the effectiveness of their SIEM positively

 

Text

 SIEM Benefits

When asked about the main benefits organizations derive from their SIEM platform, the ability to provide faster detection of and response to security events is most important (17%). Better visibility into threats jumped to the second place this year (15%), followed by more efficient security operations (13%) – all key elements of the core value proposition of SIEM.

Image
What main benefit is your SIEM platform providing?

 

 

Image
17% faster detection response, 15% better visibility into threats, 13% more efficient security operations

 

Text

 SIEM Reduces Breaches

Nearly three quarters of respondents confirmed that their deployment and use of SIEM resulted not only in improved ability to detect threats but also in a measurable reduction of security breaches for their organization (74%). This is the ultimate confirmation of the technology’s overall value and effectiveness.

Image
Has the occurrence of security breaches in your organization changed as a result of using SIEM?

 

 

Image
74% Report SIEM resulted in reduction of security breaches
Image
How has your ability to detect threats changed after implementing SIEM?

 

 

Image
75% confirm SIEM improved ability to detect threats

 

Text

 Speed of Detection 

SIEM users confirm that eight out of 10 security events are detected within hours – more than half of them within minutes (57%). It is reassuring to see only a very small fraction of respondents report their SIEM detects security events only after weeks or months of dwell time.

Image
How quickly can your SIEM platform typically detect possible security events or compromise?

 

 

Image
38% of respondents say within minutes

 

Text

 Business Impact

When asked about the negative impact security incidents had on an organization’s business, reduced employee productivity (32%) and negative impact on IT staff resources (30%) are the most frequently highlighted areas. Surprisingly, few respondents mentioned regulatory fines (5%), customer loss (8%) or negative publicity (10%) as a result of security breaches.

Image
What negative impact did your business experience from security incidents in the past 12 months?

 

 

Image
Respondents noticed on average a 32% reduction in employee activity and a 30% deployment of IT resources to triage and remediate the issue

 

CTA Text

Learn more about how Security Information and Event Management (SIEM) can help your organization.

WATCH A DEMO

Text

 Attack Detection

Organizations report that their SIEM platform is most effective at detecting unauthorized access (50%), followed by advanced persistent threats (40%) and malware (38%).

Image
Which types of attacks is SIEM technology most effective in detecting?

 

 

Image
50% of respondents indicated unauthorized access, 40% indicated Advanced Persistent Threats & 38% indicated Malware

Hijacking of accounts, services or resources 33% | Phishing attacks 31% | Ransomware 31% | Zero-day attacks (against publicly unknown vulnerabilities) 25% | Cryptojacking 15% | Other 5%

Text

 SIEM Integration

SIEM platforms are typically highly integrated with other systems and applications to increase the breadth of data that is analyzed to alert and report on security events. The most common integrations are with intrusion detection and prevention systems (59%), followed by next-generation firewalls (54%) and application logs (49%).

Image
What systems, services and applications are integrated with your SIEM platform?

 

 

Image
59% of respondents identified Intrusion Detection, 54% noted Next Generation Firewall & 49% said Applications

Data Loss Prevention (DLP) 40% | Vulnerability management tools (scanners, configuration and patch management, etc.) 39% | Vulnerability Management (VM) 39% | Identity and Access Management (IAM) 36% | User behavior monitoring 36% | Threat intelligence from security vendors 35% | Network Access Control (NAC) 34% | Static endpoints (PC, endpoint protection, log collectors) 33% | Security intelligence feeds from third-party services 33% | Network packetbased detection 30% | Relational databases (transactions, event logs, audit logs) 30% | Unified Threat Management (UTM) 29% | Dedicated log management platform 29% | Cloud activity 29% | Netflow 29% | Endpoint detection and response 28% | Mobile endpoints (mobile devices, MDMs, mobile apps) 28% | Whois/DNS/Dig and other Internet lookup tools 26% | Network-based malware sandbox platforms 24% | Anti Denial of Service solution (Anti DDoS) 24% | Asset discovery 18% | SIEM technologies 17% | Management systems for unstructured data sources (NoSQL, Hadoop) 16% | Social media applications (Facebook, Twitter) 13% | Other 5%

Text

 SIEM Evaluation Criteria

As organizations evaluate new SIEM platforms, some decision criteria are more important than others. Cost considerations lead the list (65%), followed closely by product performance and effectiveness (64%) and product features (59%). Surprisingly, customer reviews (20%) are less important for organizations evaluating SIEM solutions in the market. (Customer reviews 20% | Other 5%)

Image
What criteria do you consider most important when evaluating a SIEM solution?

 

 

Image
65% of respondents note cost, 64% product performance and effectiveness, and 59% product features

 

 

Text

 SIEM Use Cases 

The survey reveals that the most important use case for SIEM is monitoring, correlation and analysis of event data across multiple systems and applications (72%), followed by aiding with the discovery of external and internal threats (59%) and user monitoring (49%).

Image
What are the most important use cases you utilize your SIEM platform for?

 

 

Image
72% of respondents indicated monitoring, correlating and analyzing activity across multiple systems and applications & 59% said to discover external and internal threats

Provide analytics and workflow to support incident response 39% | Monitor a combination of cloud and on-premises infrastructure (as opposed to cloud-only or on-premises-only) 35% | Detect industry/vertical specific attacks (e.g. healthcare break-the-glass, financial fraud) 34% | Detect threats in cloud architecture including cloud access control (CASB) 31% | Other 1%

Text

 Methodology & Demographics

This report is based on the results of a comprehensive online survey of cybersecurity professionals to gain more insight into the latest trends, key challenges and solutions for SIEM. The respondents range from technical executives to managers and IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries. 

Image
Demographics

 

 

CTA Text

New insights are available, see what's changed in the 2021 SIEM Report.

READ THE 2021 SIEM REPORT