State of SIEM

Insights from 400 Security Professionals Who Actively Use A SIEM Platform

Download the PDF

The SIEM market is undergoing a radical transformation fueled by the explosion of data that security teams need to monitor and analyze as more applications and infrastructure move into the cloud.

In its early days, SIEM was shaped by compliance drivers that dominated the era, like PCI and HIPAA, along with the need to satisfy log retention requirements. In recent years, however, security teams are increasingly trying to solve for threat detection and incident response use cases, where speed, scale and agility are the highest priorities.

We wanted to gain more insight into how security practitioners feel about their SIEM platform, what challenges they face, and where they’d like to see improvement. To answer these questions, we surveyed 400 IT security professionals who actively use a SIEM platform as part of their job.

Some of the Key Findings include:

  • SIEM platforms take a long time to deploy. Over 18 percent of respondents indicated that the time it took to receive high-value alerts was 12 months or longer.
  • Alert-fatigue is a challenge. Nearly a quarter of the respondents said that the biggest challenge they face with their current SIEM platform is receiving too many alerts.
  • Cost versus capabilities don’t align. Over 40 percent of the IT security professionals surveyed said their organization was overpaying for their SIEM relative to the system’s capabilities.
  • Poor network visibility. With eight possible capabilities to choose from, the most significant percentage of respondents indicated they were unsatisfied with their current SIEM platform’s network visibility capabilities.
  • Big data and scalability are most important. Nearly 30 percent — the largest group — said that big data infrastructure and scalability would be the two most important capabilities if they were evaluating a new SIEM vendor.