SIEM in the Light of Research, Surveys and Polls

Ertugrul Akbas
Apr 11, 2023

With the rapid growth of information technology, the security of information systems has become a top priority for many organizations. Security Information and Event Management (SIEM) is a security solution that collects, analyzes, and manages security-related data from multiple sources to help organizations identify potential security threats and respond to them in a timely manner. The purpose of this article is to explore SIEM in the light of research, surveys and polls and to examine its effectiveness in improving the security posture of organizations.

Overview of SIEM:

SIEM is a security solution that collects, aggregates, and analyzes log data from various sources within an organization’s network, such as firewalls, intrusion detection systems, servers, and other network devices. It helps organizations detect and respond to security threats in a timely manner by providing real-time alerts and notifications to security personnel.

SIEM Research, Surveys and Polls:

Several research studies and surveys have been conducted to evaluate the effectiveness of SIEM in improving the security of organizations. An academic study conducted at Riga Technical University (Riga, Latvia) examines “Why SIEM is Irreplaceable in a Secure IT Environment?” [1].

A survey conducted by the SANS Institute in 2022 found that SIEM was the selected tool for event data correlation [2].

[Figure: SANS 2022 SOC Survey]

Microsoft’s 2022 Digital Defense Report revealed that organizations suffering from ransomware attacks have significant gaps in their security tooling. Specifically, 60% did not invest in SIEM technology, leading to monitoring silos, limited ability to detect end-to-end threats, and inefficient security operations [3].

The AlienVault Infographic and “2019 SIEM Survey Report” revealed that 76 percent of cyber security professionals reported their organization’s use of SIEM tools resulted in a reduction in security breaches [4].

Key findings of the 2021 SIEM Survey Report [5] by Core Security, a HelpSystems company, include:

• 74% of IT security professionals consider SIEM very to extremely important to their organization’s security posture
• 80% rate their SIEM as effective in identifying and remediating cybersecurity threats
• The key benefits of SIEM include better visibility, followed by faster detection of and response to security events, and more efficient security operations
• Over three quarters of respondents confirmed that their use of SIEM improved their ability to detect and respond to threats (76%)

The 2022 SIEM Survey Report [6] by the same company finds that:

• 80% of IT security professionals consider SIEM very to extremely important to their organization’s security posture, an increase of six percentage points (6%) from last year

In addition to surveys, there are also polls. What do the polls say about SIEM? I am sharing the results of the three polls below.

https://twitter.com/anton_chuvakin/status/1560702422078484482
https://www.linkedin.com/feed/update/urn:li:activity:7051224367396986880
https://www.linkedin.com/posts/chuvakin_debating-siem-in-2023-part-2-activity-7046845567246757888-Y0Hr

Challenges of SIEM:

Despite its effectiveness, SIEM implementation can present several challenges to organizations. One of the main challenges is the complexity of the system, which requires expertise in both security and data analysis. Organizations may also face challenges in selecting the appropriate SIEM solution, as there are many vendors offering different features and capabilities. Another challenge is the cost of implementing and maintaining the system, which can be significant for smaller organizations.

Conclusion:

In conclusion, SIEM is a critical security solution for organizations, and research studies and surveys have shown that it is effective in improving the security of organizations. SIEM can help organizations to detect and respond to security threats in a timely manner, and to improve their incident response times. However, SIEM implementation can present several challenges to organizations, including complexity, vendor selection, and cost. Despite these challenges, the benefits of implementing SIEM outweigh the costs, and organizations should consider implementing SIEM as part of their overall security strategy.

References:

1. https://ieeexplore.ieee.org/document/8732173

2. https://www.sans.org/white-papers/sans-2022-soc-survey/

3. https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report-2022

4. https://cybersecurity.att.com/resource-center/analyst-reports/siem-survey-report

5. https://cyberinsiders.wpenginepowered.com/wp-content/uploads/2021/06/2021_SIEM_Report_Helpsystems-Final-1-35399022.pdf

6. https://static.fortra.com/core-security/pdfs/reports/cs-siem-report-2022.pdf

7. SIEM was the most effective security technology for detecting and preventing security incidents, https://www.forbes.com/sites/forbestechcouncil/2021/10/20/the-future-of-siem-where-will-the-market-be-in-five-years/?sh=39188f9d138c
