This morning, SIEM solution provider AlienVault released a research report produced by Cybersecurity Insiders. Cybersecurity Insiders is an online community of global InfoSec professionals conducting collaborative research and analysis.
Similarly, AlienVault and Cybersecurity Insiders collaborated on an earlier report: the “2018 Threat Intelligence Report.” This report, which detailed the importance and prevalence of threat intelligence, received 381 responses from InfoSec professionals.
So how do the “2018 Threat Intelligence Report” and the latest “2019 SIEM Survey Report” compare? How do their findings complement each other? What can your enterprise learn from them both?
Here are some of the key findings from these critical SIEM research reports, released by AlienVault and produced by Cybersecurity Insiders:
The Threat Intelligence Report By Cybersecurity Insiders
According to the “2018 Threat Intelligence Report,” 77% of respondents reaffirmed the importance of threat intelligence to their overall security posture. However, 59% of businesses rated their current threat intelligence as average or worse. 41% rated their ability to detect threats as only average.
Meanwhile, enterprises deploying next-generation threat intelligence benefit from better threat analysis and more efficient security operations. Additionally, the majority of respondents, 33%, said false positives made up less than 5% of their overall security alerts with next-generation threat intelligence.
The top use cases for cyber threat intelligence include threat detection, incident response, and vulnerability management. The other use cases include blocking threats, proactively hunting for indicators of compromise, and adding context to security investigations.
In the report, Holger Schulze—CEO and Founder of Cybersecurity Insiders—wrote a succinct summary of the importance of threat intelligence: “Organizations are going to need these tools as they face cyber threats such as phishing, zero-day attacks, insider attacks, advanced persistent threats, and malware, and deal with challenges including the detection of advanced threats, gaining full visibility into all assets and vulnerabilities, and the lack of advanced security staff.”
The SIEM Survey Report
In a similar vein, according to the AlienVault 2019 SIEM Survey Report produced by Cybersecurity Insiders:
- 23% of enterprises benefit from SIEM’s faster detection and response, and 12% benefit from its threat visibility.
- 68% of enterprises report monitoring, correlation, and analysis capabilities across multiple systems as their key SIEM use case.
- 62% claim discovering threats as their key SIEM use case.
- 76% report SIEM results in a reduction of security breaches. 30% report a significant reduction in said breaches.
- 75% confirm SIEM improves their ability to detect threats.
- 46% say SIEM effectively assists their security teams in identifying unauthorized access.
However, enterprises still face hurdles in their SIEM deployment. 40% of enterprises report a lack of skilled or trained staff to operate SIEM optimally. 34% reported a lack of budget, and 31% reported being overwhelmed by false positives. The connection between the two reports is obvious: SIEM solutions provide the threat intelligence capabilities enterprises need to fulfill their detection demands.
The above-mentioned SIEM and threat intelligence findings only scratch the surface of both reports. You can read the AlienVault report produced by Cybersecurity Insiders—the “2019 SIEM Survey Report”—here. You can read more about AlienVault’s SIEM security and threat intelligence research here.