Exabeam, a global cybersecurity leader and creator of New-Scale SIEM for advancing security operations, announced its State of the SIEM survey of 500 U.S. IT security professionals, revealing that 97 percent feel confident they are equipped with the tools and processes they need to prevent and identify intrusions and/or breaches. However, according to recent security industry reports, 83 percent of organizations experienced more than one data breach in 2022.
“The findings indicate a sizable disconnect between market promises and team perceptions. As a result, teams lack the holistic visibility and context to zero in on adversary behavior to identify the causes of major incidents and breaches. As a result, large-scale data breaches and multi-million-dollar remediation efforts are taking a toll on organizations’ brands, customer retention, and act as a distraction to business momentum and budgets,” said Steve Moore, chief security strategist at Exabeam.
Nearly half (46 percent) of all respondents operate more than one cloud or on-premises SIEM platform. Among those with SIEM tools:
- 64 percent of those who have one platform are “very confident” they can detect cyberattacks based on adversary behavior alone, while 59 percent of those with two or more platforms are “very confident.”
- In addition, four percent of U.S. security professionals report not using a SIEM platform, and of those respondents, 81 percent were “confident.”
However, just 17 percent of all respondents can see 81 percent to 100 percent of their network. Since many analysts lack full visibility, the likelihood that adversaries are lurking grows greater.
One reason security teams struggle to prevent breaches is that adversaries often are already in the network, undetected. Despite this reality:
- 65 percent prioritize prevention over detection, investigation and response as their most important security goal
- Just 33 percent said detection was the highest priority
Security investments mirror this thinking:
- Nearly three-fourths (71 percent) spend 21-50 percent of their security budgets on prevention
- 59 percent invest the same percentage on TDIR
While nearly all respondents are certain they can prevent attacks, this confidence drops when challenged. When asked if they’d feel “very confident” telling a manager or the board that no adversaries had breached the network at that time, only 62 percent say yes, leaving more than a third with doubts.
As attacks surge, security jobs become more demanding. Some 43 percent of respondents cited being unable to prevent bad things from happening as the worst part of their job, followed by:
- Lacking full visibility due to security product integration issues (41 percent)
- An inability to centralize and understand the full scope of an event or incident (39 percent)
- Being unable to manage the volume of detection alerts, with too many false positives (29 percent)
- Not feeling confident that they’ve resolved all problems on the network (29 percent)
Adding to the complexity of incident detection, Exabeam found that more than 90 percent of security professionals battle compromised credential cases. It’s critical to note that some SIEMs don’t use behavioral analytics and incorrectly can flag legitimate user actions as malicious, increasing the number of false positive alerts teams must triage, adding to their mental fatigue.
With blind spots and noisy alerts, it’s not surprising that security teams can’t match pace with adversaries:
- Just 11 percent can scope the overall impact of detected malicious behaviors in less than one hour
- 52 percent report they can analyze it in one to four hours
- 34 percent take five to 24 hours to identify high-priority anomalies
However, data exfiltration typically begins minutes into an attack, and adversaries can do significant damage in just a few hours.
To learn more about Exabeam, please visit https://www.exabeam.com.