Enterprises adopt Security Information and Event Management (SIEM) tools to evaluate, in real time, the security alerts generated by applications and network hardware, but is that sufficient to identify and mitigate a wide range of threats?
Enterprise cyber threat detection remains far weaker than most industry veterans expect. Many organizations cannot see the gap between the security they assume they have and the defenses actually in place. Cybercriminals constantly look for loopholes in enterprise IT infrastructure to exploit and infiltrate the network. Cybersecurity industry veterans share comprehensive frameworks, techniques, and strategies that SecOps teams can implement to protect their IT infrastructure from adversaries, but in many cases the actions taken are not enough.
A 2022 report by CardinalOps titled “The State of SIEM Detection Risk” suggests that enterprise SIEMs detect fewer than 5 of the top 14 MITRE ATT&CK techniques used by adversaries in the wild. This means enterprises miss nearly 80% of common adversary techniques.
What Makes SIEMs Ineffective
SIEM tools are expensive
One of the most significant pitfalls of SIEM tools is that they are very expensive and can strain budgets. Enterprises have to spend on implementation, maintenance, upgrades, and the workforce to manage all of it. License, renewal, integration, and training costs add further expense.
Configuration is a tedious process
Enterprises can buy off-the-shelf SIEM tools to streamline the process, but such tools generate a lot of noise and lack organizational context. Off-the-shelf SIEM platforms also cannot satisfy an organization’s unique security requirements, such as its threat model, maturity level, and other cybersecurity needs.
The need for skilled staff
Businesses need to hire talent with the relevant skill sets and expertise to make the most of a SIEM. However, there is a tremendous talent gap, which makes such talent scarce and expensive to hire.
Creates too much noise
Another significant pitfall of SIEM platforms is that they generate too much noise, leaving SecOps teams to deal with alerts that are not actual threats to the organization.
The same CardinalOps report also finds that SecOps teams disable approximately 75% of the out-of-the-box detection content offered by SIEM providers because of the noise it creates. Detection engineering teams also face many challenges in customizing the platform.
Limited contextual data
Enterprises implementing a SIEM find it challenging to identify and investigate relevant security incidents. SIEM tools cannot differentiate between sensitive and non-sensitive information; they are only as capable as the data fed to them. The system’s inability to distinguish suspicious but sanctioned file activity from genuinely malicious activity constantly triggers alarms.
Constant need for upgrades
Implementing SIEM tools adds continuous maintenance to the IT team’s responsibilities. After implementation, enterprises must constantly track and fine-tune the system to ensure it is working properly. CISOs will also have to design, evolve, and implement new compliance policies and security procedures, and changes to those policies and procedures can disrupt the organization’s workflows. Continuous maintenance and upgrades add further cost to the organization.
CISOs should design an effective strategy to overcome these pitfalls of SIEM implementation. Evaluating the threat coverage gap, designing organization-specific security and compliance policies, and automating safe deployments are a few strategies that can help SecOps teams make the most of SIEM applications.