According to a study published today by Aberdeen Grouponly about 20 percent of SIEM users can point to definite gains from using the tools, as measured by reductions in security incidents, audit deficiencies, or operational costs.
"The majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents. and operational costs associated with security management," said Aberdeen in a press release.
Experts at both Aberdeen and Vigilant, a managed security services provider that sponsored the study, say that the problem is not in the SIEM or log management tools themselves, but in the way they are being implemented.
"In many cases, enterprises are too focused on what the vendors tell them the products can do, and not enough on what their real requirements are," says Alison Andrews, CEO of Vigilant, which offers consulting services and a framework for focusing the tools on specific tasks, such as regulatory compliance or reducing security incidents.
The Aberdeen data may also indicate that some of the early SIEM tools were implemented as point solutions to solve specific problems, and that their full functionality hasn't been exploited yet, Andrews says.
"There wasn't as big a gap between the top implementors and the laggards as we'd have expected, in terms of what they've gotten from the technology," she says. "Even though SIEM technology has been around for years, and a lot of enterprises have had it in place for some time, it's still a nascent market."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.