Organizations seem to be struggling with keeping up with the events in their security incident and event management (SIEM) systems.
According to Exabeam’s State of the SOC report, only five percent of respondents believe that they see 100 percent of events in their SIEM system. But that statistic should be taken with a grain of salt.
Gorka Sadowski, a senior director analyst at Gartner, explained that this is a trick question. It’s impossible to know whether or not you are actually seeing 100 percent of the events in your SIEM, or if you just think you are. “You essentially are asking the CISO, ‘do you know what you don’t know?’”
So the reality is, that five percent of people who stated they see 100 percent of events might be a lower number than stated by Exabeam.
The survey noted that keeping up with security alerts was the largest pain point for security operation center (SOC) analysts. This challenge was often caused by legacy applications, a lack of cooperation, and a lack of budget.
“There’s an idiom, ‘what you don’t know can’t hurt you.’ But in the information security business, that couldn’t be further from the truth. In fact, it’s what you don’t know – or worse, can’t see – that will significantly harm your business,” said Steve Moore, chief security strategist at Exabeam. “From our survey, an example of how this can manifest is general lack of environmental visibility in the form of too few logs – you can’t protect what you can’t see. Visibility, event context and automation play a key role in building relevant defense, so you can have a fighting chance against even the most sophisticated adversaries.”
The report also found that one third of respondents believe their SOC is understaffed, which is down from last year’s report where 55 percent of SOC managers believed their SOC was understaffed. SOCs with high employee retention tended to offer workplace benefits, high wages, and a challenging work environment.
The report surveyed 150 IT professionals in the United States and the United Kingdom.