SIEM doesn’t reduce security incidents, say IT pros
A survey of IT professional has shown that most organisations don’t audit their IT infrastructures and those that do don’t have complete details of who changed what, when, and where.
In a survey of 800 IT pros working for companies of all sizes involved in more than 30 industries, 74% of IT professionals who have deployed a SIEM solution say that it didn’t have significant impact on security incidents.
The results of the Netwrix 2014 SIEM Efficiency Survey Report also reveal that the majority of IT pros who have a SIEM solution agreed that, when it comes to auditing changes, SIEM has noise, gaps in audited data and hard-to-read change auditing reports.
With the increasing growth in security breaches, the survey tackled the problem of IT infrastructure auditing as a key to strengthen security and protect sensitive data against insider threats and external attacks.
62% of surveyed IT pros stated that they have encountered security violations of their IT infrastructures at least once, and that large enterprises experience security incidents more often than small and medium businesses.
However, SMBs are not immune and half of those surveyed have to deal with regular security incidents. Surprisingly, 73% of SMBs make little effort to provide complete visibility of their IT infrastructures and don’t audit changes made to sensitive information and system configurations.
Summarising the survey results, companies with SIEM solutions deployed are mostly unsatisfied with the level of detail provided in SIEM change auditing reports and they also admit experiencing security violations. Despite the rising trend of security breaches, less than a third of organisations plan to strengthen the security by enabling continuous auditing of their IT environments. However, the majority of companies that already use change and configuration auditing solutions find them helpful when investigating a security breach.
“SIEM is recognised as a powerful solution for ensuring security of the whole network. However, as the findings of the survey show, security requires a deeper insight into what is happening across the entire IT infrastructure,” says Michael Fimin, CEO and co-founder of Netwrix. “Continuous change and configuration auditing adds more value and enforces the SIEM solution with details of who did what, when, and where across all systems and applications. Auditing changes on a regular basis is a key point in preventing security breaches and ensuring that sensitive information is protected.”