Panther’s State of SIEM report is a comprehensive look at Security Information and Event Management (SIEM) as seen through the eyes of hundreds of cybersecurity professionals currently using one of these tools. In this article, we will highlight five critical statistics from our report that provide insights into some of the challenges practitioners face today.
A SIEM is a critical piece of an organization’s security infrastructure and needs to have complete visibility into all of an organization’s security data to be effective. With full visibility into an organization’s security data, a SIEM can identify potential threats and vulnerabilities that could put an organization at risk. When a SIEM only covers a fraction of an organization’s data, it will not be able to provide the comprehensive security coverage necessary for protecting the organization.
Deploying a SIEM can take months due to the tool’s complexity, the need for extensive integration with data sources, and the writing of detection rules. Proprietary query or rule languages can slow things down further if the team responsible for deploying and using the SIEM first has to learn them. A modern SIEM should use an accessible, widely understood language such as Python, so that anyone with general programming skills can write detections and receive high-value alerts.
Today’s IT environments are more complex than ever, with the cloud, Kubernetes, endpoints, networks, and applications all generating terabytes of security data. SIEMs are supposed to solve the problem of ingesting all this security data and provide alerts on critical security issues that analysts can quickly investigate.
However, our report suggests that over 40% of users suffer from poor-quality alerts, which causes alert fatigue and analyst burnout. This statistic points to a need for more fine-tuning of detections to reduce the number of false positives.
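The two preceding points, writing detections in a general-purpose language and tuning them so they stop producing noise, are shown together in the following added example. It is not code from the Panther report or from any vendor's rule API: the `rule(event) -> bool` interface, the `WindowedThreshold` helper and the sample login events are all assumptions constructed here. A naive rule fires on every failed login; the tuned version keys on the source address, requires a burst of failures inside a time window, and suppresses repeat alerts for the same burst.

```python
"""Added example (not from the Panther report or any vendor's rule API):
a noisy Python detection beside a tuned one, run over constructed login events.

Assumptions: events are dicts with 'ts' (epoch seconds), 'src_ip', 'user' and
'outcome'; the rule(event) -> bool convention and the windowed-threshold helper
are hypothetical illustrations of how a SIEM might let analysts express logic.
"""

from collections import defaultdict, deque

# Constructed sample events: one source hammering several accounts, plus
# two unrelated users who simply mistyped a password once.
EVENTS = [
    {"ts": 1000, "src_ip": "203.0.113.7", "user": "alice", "outcome": "fail"},
    {"ts": 1005, "src_ip": "203.0.113.7", "user": "alice", "outcome": "fail"},
    {"ts": 1010, "src_ip": "203.0.113.7", "user": "bob", "outcome": "fail"},
    {"ts": 1015, "src_ip": "203.0.113.7", "user": "carol", "outcome": "fail"},
    {"ts": 1020, "src_ip": "203.0.113.7", "user": "dave", "outcome": "fail"},
    {"ts": 1100, "src_ip": "198.51.100.2", "user": "erin", "outcome": "fail"},
    {"ts": 1130, "src_ip": "198.51.100.2", "user": "erin", "outcome": "success"},
    {"ts": 2000, "src_ip": "198.51.100.9", "user": "frank", "outcome": "fail"},
]


def noisy_rule(event):
    """Untuned detection: fires on every failed login, so each typo is an alert."""
    return event["outcome"] == "fail"


class WindowedThreshold:
    """Hypothetical helper: count events per key inside a sliding window and fire
    once when the count reaches the threshold, staying quiet until the window
    slides on and the count drops below it again."""

    def __init__(self, window_s, threshold):
        self.window_s = window_s
        self.threshold = threshold
        self.buckets = defaultdict(deque)  # key -> recent timestamps
        self.fired = set()                 # keys currently in a fired burst

    def observe(self, key, ts):
        q = self.buckets[key]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.threshold:
            if key in self.fired:
                return False  # same burst, already alerted
            self.fired.add(key)
            return True
        self.fired.discard(key)  # burst is over; allow a future alert
        return False


def tuned_rule_factory(window_s=300, threshold=5):
    """Build a tuned rule: alert only on >= threshold failures from one source
    within window_s seconds, and only once per burst."""
    state = WindowedThreshold(window_s, threshold)

    def tuned_rule(event):
        if event["outcome"] != "fail":
            return False
        return state.observe(event["src_ip"], event["ts"])

    return tuned_rule


def run(rule_fn, events):
    """Apply a rule to an event stream and return the events that alerted."""
    return [e for e in events if rule_fn(e)]


def compare(events=EVENTS):
    """Return (noisy alert count, tuned alert count, tuned alert sources)."""
    noisy = run(noisy_rule, events)
    tuned = run(tuned_rule_factory(), events)
    return len(noisy), len(tuned), [e["src_ip"] for e in tuned]


if __name__ == "__main__":
    n, t, sources = compare()
    print(f"noisy rule: {n} alerts; tuned rule: {t} alert(s) for {sources}")
```

On the constructed stream the noisy rule raises seven alerts, five of them for one brute-force burst and two for harmless typos, while the tuned rule raises exactly one, attributed to the bursting source. The window and threshold are the tuning knobs an analyst adjusts against real data; the suppression set is what keeps a single ongoing burst from paging the on-call repeatedly.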
The good news is that 46% believe they are paying a fair price based on the capabilities of their SIEM solution. Even still, 25% feel they are overpaying. Last year, 43% thought they were paying too much, so the trend is headed in the right direction. This trend is likely driven by an increase in cloud-native SIEM solutions, as these solutions are generally more cost-effective.
Log management systems are essential for any organization that wants to keep track of its logs and keep them secure. However, many organizations find that they need more than a SIEM in order to manage their logs effectively. SIEMs often offer only limited log management functionality, but at a minimum they must include essential features such as search and analysis tools. With these features, it is easier for organizations to find and fix any issues that arise. Organizations should consider a system that provides broader functionality while still including these essential features in order to get the most out of their log management.
The State of SIEM 2022 report provides insights into the current trends in the SIEM market. The report suggests that users increasingly turn to cloud-based solutions and that automated response capabilities are essential for mitigating threats.