In response to media coverage of incident-response burdens based on recent surveys, including a recent survey from next-gen SIEM developer Cyphort that codifies the burdens legacy SIEMs place on security teams, two security professionals commented below.
Dr. Hernan Londono, CTO at Barry University:
“So what we know from having operated a SIEM for years now, and based off the number of alerts that we received, we calculate that between 15% and 20% of the alerts are maybe real incidents. The rest, potentially, are noise.”
“What I like about the approach of more advanced solutions such as emerging anti-SIEMs is that the technology automates a number of different processes that were very distributed, and that previously took a lot of hours and time from analysts. Our deployment now lets the analysts concentrate on other very critical aspects of cybersecurity which really are not related to discerning whether something is noise or not.”
Vladislav Ryaboy, Director of Global Security Operations at Crawford and Company:
“In our particular situation, we have three people completely, entirely dedicated to upkeep of the SIEM within our environment.
“A next-gen approach to SIEM provided that missing link within our chain. It provides our ability to become more cost-efficient, more productive, and more knowledgeable about our own environment. Its ability to provide the visibility in the contextual representation of any particular threat is something which we love about the product and would like to leverage it globally.”
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.