Survey: The Trouble With SIEM

By | March 14, 2013


Security Information and Event Management (SIEM) was supposed to make life easier for IT professionals, analyzing the torrent of incoming security data from the network perimeter to provide real-time analysis on security threats.

Instead, it seems to have become a bit of an albatross for security pros who have to wrestle with increased complexity and management, according to a survey issued by network security vendor eIQNetworks.

Nearly half of those surveyed said that it took anywhere from a few weeks to more than a month to deploy their latest SIEM product. That is not an issue in and of itself. However, once deployed, organizations reported issues with timely monitoring, managing and remediating security and risk.

"The survey results indicate that organizations continue to suffer from symptoms of traditional SIEM deployments," said Brian Mehlman, senior director product management, eIQnetworks, in the release. "From cost burdens and management headaches, organizations are looking for a cure to SIEM."

Many also faced challenges with compliance issues. An unfortunate development, since more than a third of those surveyed said that compliance requirements pushed their organizations towards a SIEM solution in the first place.

Cost is also an issue, with 31 percent of respondents saying they would consider replacing their existing SIEM solution for better cost savings.

Adding further insult to injury, the majority of breaches continue to go undetected "due to the complexities involved in correlating security and configuration data across IT assets, inadequate security controls, and lack of actionable and timely security intelligence," according to the survey.

An indication that SIEM might have some chronic issues.

The survey polled 191 IT decision makers at a variety of levels in a wide range of industries, from healthcare to financial services to the public sector, indicating that these difficulties appear to be universally shared.

With vendors like IBM, Splunk, Trustwave, HP and others vying for their share of the market, there is no shortage of options. But based on the results, none of them has yet arrived at a magic SIEM elixir.

Joe Magee, CTO of Vigilant, a vendor that specializes in SIEM solutions, told Security Bistro that proper planning is key.

"Too often, the planning phase is short-changed, resulting in unwieldy SIEM environments that produce a 'kitchen sink' of data with little or no value to the organization from an analytics and/or alerting perspective," Magee said. "With proper planning, organizations can execute an output-driven approach that defines all of the information that they want to receive 'out of the SIEM,' before integrating log data into the SIEM environment. This allows for a much more manageable set of data for analysts to review and delivers a higher performing SIEM infrastructure."

Mehlman also maintains that there is a silver lining here: "The good news is that the remedy to this perpetual affliction is through simplified and cost effective security intelligence solutions that provide organizations with critical visibility across the entire spectrum of enterprise security data."

"Big" Future for SIEM?

While proper planning and simplification are key, Magee maintains that understanding the larger picture is what will make or break any SIEM solution.

"The intersection of security and business intelligence is here to stay, and until companies embrace this, they are doomed to struggle with the same old SIEM problems," Magee said.

Magee said that the recent buzz at RSA over "Big Data" will play a key role in the future of SIEM and whether or not an enterprise can harness the enormous potential of SIEM into a functioning security solution.

"The future of SIEM is all going to come down to big data," said Magee. "Adopting a 'data science' culture and re-architecting SIEM technology accordingly will be key to relieving issues related to SIEM process and management going forward. But it's not just about the technology -- users will also have to adapt to this new environment and start thinking like data scientists too."
