You need SIEM in your enterprise’s cybersecurity platform and planning.
Enterprises large and small often turn away from SIEM for a diversity of perceived issues; some consider it too complex for their IT teams. Other companies consider it an unnecessary expense or only as a tool for compliance reporting.
All of these arguments not only ignore why they need SIEM but also what SIEM can offer them.
To explore why enterprises need SIEM—to explain its relevance in modern cybersecurity—we gathered studies and white papers on its value. These numbers only scratch the surface on this pressing issue, but it should give your enterprise insight into this seemingly confusing aspect of IT security.
Here are the numbers:
You Need SIEM to Stop Modern Threats
The shift in cybersecurity thinking serves as one of our favorite recurring themes in our reporting. Where once prevention reigned supreme, experts now emphasize detection and remediation. Modern digital attacks prove far more effective at penetrating enterprise digital perimeters and evading legacy detection capabilities. Only with modern threat detection and threat intelligence can enterprises secure their most precious assets.
- 59% of enterprises rate their threat intelligence effectiveness as only average or worse, according to the AlienVault and Cybersecurity Insiders “2018 Threat Intelligence Report.”
- 57% rated their threat detection capabilities as average or worse.
- 77% of all reported endpoint compromises began with a fileless malware attack according to the AlienVault “Five Endpoint Attacks Your Antivirus Won’t Catch: a Guide to Endpoint Detection and Response” white paper.
- Only 29% of IT and InfoSec professionals have sufficient visibility into their attack surfaces according to the Tenable and Ponemon Institute Measuring and Managing the Cyber Risks to Business Operations Report.
The top threats facing enterprises today include:
- Phishing attacks (56%)
- Zero-day attacks (47%)
- Insider Threats (46%)
- Malware (44%)
- Ransomware (42%)
Of these, not only do phishing attacks serve as hackers’ weapon of choice, but they also prove hard to defend against without a SIEM solution. According to the SlashNext 2018 Phishing Survey:
- 64% of respondents cite insufficient employee awareness and training as their top concern for protecting their enterprise against phishing attacks.
- 45% say they experience 50 or more phishing attacks per month.
You Need SIEM To Transform
Enterprises around the world look to digital transformation and cloud adoption as the next stage of their growth both digitally and in the analog world. Digital transformation promises near-infinite scaling possibilities, better collaboration, and a stronger bottom line. However, without SIEM to protect your fledgling digital infrastructure, digital transformation can quickly sour on you.
- <30% of businesses deploy encryption in digitally transformative environments, according to the 2019 Thales Data Threat Report – Global Edition.
- 44% said complexity is the most pressing barrier to implementing data security.
- 43% said cybersecurity is the biggest barrier to cloud adoption, according to the Ping Identity 2018 Survey: The State of Enterprise IT Infrastructure & Security.
- 91% of IT professionals are concerned about cloud security, according to the AlienVault “Beginner’s Guide to AWS Security Monitoring” whitepaper.
Moreover, you need SIEM to manage the deluge of data your enterprise generates and to find threats and security lurking within the logs.
- According to the AlienVault “SIEM for Beginners” whitepaper, a Fortune 500 enterprise can generate 10 terabytes of plain-text log data per month.
- For context, a terabyte contains 1,024 gigabytes. A gigabyte can store 677,963 pages of text.
SIEM and Security Team: A Symbiotic Relationship
One of the most common complaints concerning SIEM is the need for IT expertise to deploy and maintain it optimally. 68% of respondents to a recent SAN survey said the cybersecurity skills shortage as being the top obstacle to incident response according to the Insider’s Guide to Incident Response by AlienVault. 57% of enterprises lack the security staff to make threat intelligence actionable. 47% lack the resources to access external threat intelligence.
However, without SIEM, your security team will swiftly become overwhelmed by the demands of your enterprise. You need SIEM to provide the security alert contextualization, automated threat detection, and automated remediation vital to supplementing your human security intelligence. So you need the right team to make SIEM work. However, you need SIEM to have your team perform to its full potential.
Don’t deny your team the tools they need.
Latest posts by Ben Canner (see all)
- 5 Key Security Analytics Capabilities for Security Operations Centers - October 17, 2019
- 40 Percent of Security Practitioners Don’t Report to the Board - October 15, 2019
- What Do SIEM Components Actually Do For Enterprises? - October 10, 2019