New Report from Cyphort and Osterman Research Puts Spotlight on SIEM User Challenges and How Incident Responders Spend Their Time
Cyphort, Inc., today released a report, “The Complexities of SIEMs and Their Impact on IR Processes,” based on new research conducted by Osterman Research, which surveyed SIEM users in 130 enterprise-level organizations across the U.S. While the majority of users said they were “mostly” satisfied with their SIEM, the data also revealed respondents’ widespread dissatisfaction with the threat investigation and analysis capabilities available through their SIEMs, and further incident resolution delays.
“I think it’s generally accepted that many SIEMs have not performed well in terms of proactive threat detection and analytics capabilities, and the new data confirms that,” said Michael Osterman, Principal Analyst of Osterman Research. “Unfortunately, these shortcomings, along with the inherent complexities involved in using a SIEM effectively, have also put a significant burden on security analysts and incident response teams in terms of their productivity. And wasted time translates to wasted costs for these organizations.”
For example, the report revealed that security analysts and incident responders working in companies with 1,000 employees would spend an average of 92.9 hours a week (equal to about $4,000 in weekly IT staff salary) analyzing and responding to data extracted from the SIEM. In companies with 2,000 employees, that would double to nearly $8,000 per week. Further, the research reveals that the majority of this time is spent early in the process of trying to identify and confirm specific security threats that may have compromised the network.
Other key findings presented in the report include:
- Less than 40% of respondents are satisfied with the volume of data and the level of endpoint visibility of their SIEM system;
- More than half of organizations experience at least 5 security events per day, and 56% of these experience more than 10 events per day;
- Most SIEMS require substantial human involvement — in 65% of organizations, the involvement of at least 5 persons is required to resolve security incidents, and in 17% of responding organizations, at least 15 persons are involved;
- For incidents requiring escalation, almost a third (31%) of organizations using a standard SIEM take at least two hours to gather and correlate the data necessary for the next level of incident response — a time-consuming process that can be automated and accelerated through advanced security analytics;
- Collecting, analyzing and communicating the appropriate information to stakeholders is the most time-consuming part of the escalation process for 70% of respondents using traditional SIEMs; and
- Security incidents typically require a median of 10 elapsed hours to resolve, however nearly one-third of respondents indicated that the process takes 16 or more elapsed hours to resolve.
“This is the third major research project we’ve conducted over the past six months, and each one has given us more clarity on the unique challenges facing overworked, understaffed security teams,” said Franklyn Jones, CMO at Cyphort. “It validates the need for more intelligent security solutions that can reduce the cost, noise, complexity, and wasted time associated with traditional SIEMs. We’re very pleased that Cyphort’s innovative Anti-SIEM software is addressing those needs and providing value to a growing number of organizations.”
The complete report “The Complexities of SIEMS and Their Impact on IR Processes” is available here.