Steve Jobs once framed his approach this way: “It is in Apple’s DNA that technology alone is not enough—it’s technology married with liberal arts, married with the humanities, that yields us the results that make our heart sing.”
One per cent. That whopping statistic represents the number of times a victim has learned about a breach from their logs. Definitely not a statistic a SIEM vendor wants you to hear.
The reality is that a log-centric approach to detection just isn’t working. Obviously something has to change. Here’s the problem. Perimeter controls - regardless of the size of investment - create far too much noise. This problem is compounded by the fact that most organizations haven't invested in advanced detection. Alarmingly, those who have invested in solutions like an IPS have them so horribly configured that their SIEM or MSSP is drowning in false alerts.
Companies Suck at SOCs
Today’s security operations center should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. But it doesn't. How can a vast array of sophisticated detection and prevention technologies, a virtual sea of cyber intelligence reporting, and access to a rapidly expanding workforce of talented IT professionals fail over and over again to stop attacks?
Is Eating the World
Insecure code is the problem few want to speak about. The impact of insecure coding practices is widespread and disastrous. It can result in a massive product recall, millions in lost revenue, the loss of sensitive customer data, and a headline in the Wall Street Journal.
is Not Enough
The most glaring thing to us is how budgets dedicated to cyber security are heavily skewed towards Protection/Prevention (80%) and not enough on Detection/Monitoring/Intelligence (15%) and Response (5%). No wonder the median number of days before a breach is detected is 229 days and that 67% of companies learned they were breached from an external entity. In today’s world of “always-on” technology and not enough security awareness on the part of users, cyber-attacks are no longer a matter of “if” but “when.” We live in an age where information security prevention is not an option.
Let’s talk about the elephant in the room. Raise your hand if you’ve been let down by your SIEM. Wow. That’s a lot of hands.
You're definitely not alone. Categorically, every organization we deal with says they are not getting value from their SIEM investment and that the cost to increase capacity was much higher than the perceived value.
Because We Use A
After a year of research that included surveying 350 companies across multiple regions and dozens of in-depth interviews, we isolated three unmistakable facts at the heart of the problem.