After a year of remote work that has seen several high profile and impactful cybersecurity breaches make headlines, have tech leaders turned to security information event management (SIEM) tools as a way to bolster their security posture?
Pulse surveyed 248 tech leaders to understand:
Data collected from April 21 - May 19, 2021
Total respondents: 248
Almost two-thirds (65%) of decision-makers are deploying SIEM in their organization: Will this change the minds of the 35% who aren’t?
Not anytime soon apparently, as most (66%) of those currently not deploying SIEM have no plans in place to do so. Those that do have a plan mostly won’t deploy for at least 7 months (24%).
85% of those who have added SIEM to their security stack are more satisfied with their security since SIEM adoption.
And an overwhelming 96% report that threat detection has improved since SIEM deployment.
For deployment, most (49%) used a managed security services provider (MSSP) for setup and then internal management. Over a third (35%) deployed internally without an MSSP.
Decision-makers perceive costs (69%), skills requirements/training (57%), and problems defining data from the noise (50%) as the main disadvantages of SIEM products.
In fact, looking closer at costs, over a quarter (26%) of decision-makers say that SIEM products cost significantly more than they would like to spend. Only 6% describe the average price point as fair.
The top desired benefits of SIEM include faster threat detection (68%), increased security operations efficiency (64%), and centralized visibility (61%), according to decision-makers.
Outside of IT, the business benefits from SIEM deployment mostly through enhanced cybersecurity risk management (78%), increased visibility (55%), and compliance (54%).
Decision-makers believe that SIEM products are best suited for detecting Denial of Service-type attacks (D/DDoS) (54%), followed by malicious insider threats (49%) and web-based attacks (49%).
Tech leaders highlight complex threat identification (36%) as the most critical capability for latest generation SIEM technology, followed by security orchestration, automation and response (SOAR) (24%), and user and entity behavior analytics (UEBA) (20%).
As for features leaders would like to see in a SIEM product, intelligent threat detection (73%) is the most desirable, followed by automated notifications (55%) and threat prioritization (50%).
From SIEM vendors, decision-makers want to see lower costs (54%), implementation assistance (51%), and realistic product expectations (51%).
Pulse is a social research platform trusted by technology leaders around the world. These leaders rely on the community to make connections, share knowledge, get advice, and stay on top of current trends in the technology space. The questions, polls, and surveys posted in the platform are curated in Pulse's One-Minute Insight reports, which reflect what technology leaders care about right now—and in the rapidly evolving world of software, real-time data and insights in what matters most.