Attacks/Breaches
7/17/2017
05:00 PM
Dark Reading
Products and Releases

SIEM Complexities Increase IR Costs, Decrease IR Productivity

New Report from Cyphort and Osterman Research Puts Spotlight on SIEM User Challenges and How Incident Responders Spend Their Time

SANTA CLARA, CA--(Marketwired - Jul 19, 2017) - Cyphort, Inc., today released a report, "The Complexities of SIEMs and Their Impact on IR Processes," based on new research conducted by Osterman Research, which surveyed SIEM users in 130 enterprise-level organizations across the U.S. While the majority of users said they were "mostly" satisfied with their SIEM, the data also revealed respondents' widespread dissatisfaction with the threat investigation and analysis capabilities available through their SIEMs, and further incident resolution delays.

"I think it's generally accepted that many SIEMs have not performed well in terms of proactive threat detection and analytics capabilities, and the new data confirms that," said Michael Osterman, Principal Analyst of Osterman Research. "Unfortunately, these shortcomings, along with the inherent complexities involved in using a SIEM effectively, have also put a significant burden on security analysts and incident response teams in terms of their productivity. And wasted time translates to wasted costs for these organizations."

For example, the report revealed that security analysts and incident responders working in companies with 1,000 employees would spend an average of 92.9 hours a week (equal to about $4,000 in weekly IT staff salary) analyzing and responding to data extracted from the SIEM. In companies with 2,000 employees, that would double to nearly $8,000 per week. Further, the research reveals that the majority of this time is spent early in the process of trying to identify and confirm specific security threats that may have compromised the network.

Other key findings presented in the report include:

· Fewer than 40% of respondents are satisfied with the volume of data and the level of endpoint visibility of their SIEM system;

· More than half of organizations experience at least 5 security events per day, and 56% of these experience more than 10 events per day;

· Most SIEMs require substantial human involvement -- in 65% of organizations, the involvement of at least 5 persons is required to resolve security incidents, and in 17% of responding organizations, at least 15 persons are involved;

· For incidents requiring escalation, almost a third (31%) of organizations using a standard SIEM take at least two hours to gather and correlate the data necessary for the next level of incident response -- a time-consuming process that can be automated and accelerated through advanced security analytics;

· Collecting, analyzing and communicating the appropriate information to stakeholders is the most time-consuming part of the escalation process for 70% of respondents using traditional SIEMs; and

· Security incidents typically require a median of 10 elapsed hours to resolve; however, nearly one-third of respondents indicated that the process takes 16 or more elapsed hours to resolve.

"This is the third major research project we've conducted over the past six months, and each one has given us more clarity on the unique challenges facing overworked, understaffed security teams," said Franklyn Jones, CMO at Cyphort. "It validates the need for more intelligent security solutions that can reduce the cost, noise, complexity, and wasted time associated with traditional SIEMs. We're very pleased that Cyphort's innovative Anti-SIEM software is addressing those needs and providing value to a growing number of organizations."

The complete report "The Complexities of SIEMs and Their Impact on IR Processes" is available here.

About the Anti-SIEM
The Anti-SIEM is a distributed software platform that begins with a focus on threat detection, by ingesting raw data from web, email, and lateral spread traffic, as well as log and event data from a variety of other security tools in the network. All information is fed into its analytics engine, which uses machine learning and behavioral analysis technologies to first identify advanced threats, then correlate all related alerts and log events from other sources, and finally add user/host identity information. The Anti-SIEM then presents analysts with a consolidated timeline view of the entire security incident, showing the threat and all related events over time, as well as progression through the cyber kill chain. The entire process takes as little as 15 seconds.

About Cyphort
Cyphort, Inc. is a security software company providing mid- and large-size enterprise customers with innovative security analytics for advanced threat detection and defense. The solution is built with an open architecture that integrates with existing security tools to discover and contain the advanced threats that bypass the first line of security defense in an organization. Based in Santa Clara, California, the company was founded in 2011, is privately held, and distributes its software through direct sales and channel partners across North America and international markets. Learn more at www.cyphort.com.
