Study Reveals Alarming Gap in SIEM Detection of Adversary Techniques

Enterprise security information and event management (SIEM) solutions fall short when it comes to detecting and combating cyber threats.

This claim comes from the CardinalOps 2023 State of SIEM Detection Risk Report, which analyzed over 4,000 detection rules, 1 million log sources, and a variety of unique log source types from production SIEMs including Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic.

According to the study, SIEMs detect only 24% of the techniques listed in the MITRE ATT&CK framework, leaving organizations vulnerable to ransomware attacks, data breaches, and other cyber threats.

The findings also reveal that SIEMs already capture enough data to potentially cover 94% of all MITRE ATT&CK techniques. However, inefficient manual processes for developing new detections, together with data quality issues, prevent that potential coverage from being realized.

For more information on the MITRE ATT&CK framework, see "Security breaches are inevitable, but not limited."

“The challenge here seems to be a lack of clear correlation and prioritization rather than a lack of detection capabilities,” commented Mike Parkin, senior technical engineer at Vulcan Cyber.

“Until organizations can get a clear view of their threat surface, manage risk, prioritize events and focus on what matters most, there will be problems. But it can be difficult to deploy them and configure them for maximum effectiveness.”

Additionally, CardinalOps states that 12% of all SIEM rules can be broken by data quality issues, increasing the risk of undetected attacks. Enterprises are increasingly collecting data from various security layers and implementing “detection in depth” strategies, but container monitoring lags behind the other layers: only 32% of SIEMs monitor containers.
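The two findings above (techniques the SIEM could detect from data it already ingests versus techniques it actually has working rules for, and rules silently broken by data quality problems) can be checked mechanically against a rule export. The following is an added example, not code from CardinalOps or the report: it audits a small constructed rule set against a constructed inventory of ingested log sources and their fields. The rule names, log source names, field names and the technique-to-source mapping are all assumptions made for illustration; the ATT&CK technique IDs are real but serve only as labels.

```python
"""Audit a SIEM rule set for ATT&CK coverage and data-quality breakage.

Added example (not from CardinalOps or the article). Every rule, log source,
field name and technique-to-source mapping below is constructed for
illustration; none of it is a real SIEM export.
"""

# Constructed: techniques in scope, each with the log source(s) whose data
# could evidence it. A technique is "detectable" if any such source is ingested.
TECHNIQUES = {
    "T1059.001": {"windows_powershell"},                # PowerShell
    "T1053.005": {"windows_security"},                  # Scheduled Task
    "T1078":     {"windows_security", "cloud_audit"},   # Valid Accounts
    "T1610":     {"container_runtime"},                 # Deploy Container
    "T1566.001": {"email_gateway"},                     # Spearphishing Attachment
}

# Constructed: what the SIEM actually ingests and which fields each source carries.
# Note there is no "email_gateway" source, and the container source has no rule.
INGESTED = {
    "windows_powershell": {"ScriptBlockText", "Computer", "UserId"},
    "windows_security":   {"EventID", "TargetUserName", "Computer"},
    "cloud_audit":        {"eventName", "userIdentity.arn"},
    "container_runtime":  {"image", "command"},
}

# Constructed rules: the source each one reads, the fields it filters on,
# and the technique it is mapped to.
RULES = [
    {"name": "PS encoded command", "source": "windows_powershell",
     "fields": {"ScriptBlockText"}, "technique": "T1059.001"},
    # Filters on TaskName, which the ingested security log does not carry.
    {"name": "Schtask created", "source": "windows_security",
     "fields": {"EventID", "TaskName"}, "technique": "T1053.005"},
    # Filters on an MFA field that the cloud audit feed does not carry.
    {"name": "Console login w/o MFA", "source": "cloud_audit",
     "fields": {"eventName", "additionalEventData.MFAUsed"}, "technique": "T1078"},
]


def broken_rules(rules, ingested):
    """Rules that can never fire: their source is not ingested, or a field they
    filter on is absent from that source's schema (a data quality break)."""
    out = []
    for r in rules:
        schema = ingested.get(r["source"])
        if schema is None:
            out.append((r["name"], "source not ingested"))
            continue
        missing = r["fields"] - schema
        if missing:
            out.append((r["name"], "missing fields: " + ", ".join(sorted(missing))))
    return out


def audit(techniques=TECHNIQUES, rules=RULES, ingested=INGESTED):
    """Compare actual coverage (techniques with a working rule) against
    potential coverage (techniques whose evidence source is already ingested)."""
    broken = {name for name, _ in broken_rules(rules, ingested)}
    detected = {r["technique"] for r in rules if r["name"] not in broken}
    detectable = {t for t, srcs in techniques.items() if srcs & ingested.keys()}
    total = len(techniques)
    return {
        "detected": sorted(detected),
        "detected_pct": round(100.0 * len(detected) / total, 1),
        "detectable_pct": round(100.0 * len(detectable) / total, 1),
        # Data is already collected but no working rule consumes it.
        "gap": sorted(detectable - detected),
        "broken_rules": sorted(broken),
    }


if __name__ == "__main__":
    report = audit()
    print("actual coverage:    %.1f%%" % report["detected_pct"])
    print("potential coverage: %.1f%%" % report["detectable_pct"])
    print("ingested but unused:", ", ".join(report["gap"]))
    for name, reason in broken_rules(RULES, INGESTED):
        print("broken rule: %s (%s)" % (name, reason))
```

On the constructed data the audit reports 20% actual coverage against 80% potential coverage, with two of three rules broken by missing fields and the container source ingested but unused. The same shape of check, run against a real rule export and the SIEM's field inventory, is what turns the report's "potential versus actual" numbers into a concrete work list.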

“So how should IT security teams adapt their strategies in light of these findings?” asked John Gallagher, Vice President of Viakoo Labs.

“To achieve our goals with limited human and financial resources, it is important to focus on automation. including that plans have already been made for

For more information on SIEM, see our recently published white paper here.
