Three-quarters of cybersecurity professionals have reported that Security Information and Event Management (SIEM) reduces security breaches. This is according to an AlienVault and Cybersecurity Insiders report, which surveyed 417 users.
SIEM benefits
First and foremost, respondents identified the main benefits that they derive from their SIEM platforms. 23% of respondents said that it allowed them to provide faster detection and response to security events. 14% indicated that their SIEM platform enabled more efficient security operations, while 12% reported better visibility into threats. Meanwhile, 8% of respondents said it enabled better threat analysis, compliance posture, and prioritisation of indicators of compromise (IOC).
SIEM use cases
Overall, respondents cited monitoring, correlation, and analysis across multiple systems as the most important use case for SIEM, with 68% selecting it. 62% pointed to SIEM's ability to aid with the discovery of external and internal threats. 51% selected monitoring the activities of users, and the same number selected monitoring server and database access. Meanwhile, 38% of users said that the platform was most useful in providing compliance reporting.
SIEM is reducing breaches
An overwhelming majority (76%) confirmed that their SIEM platform improved their ability to detect threats. Furthermore, these respondents also indicated that their use of SIEM had catalysed a "measurable reduction of security breaches" in their organisation. In terms of the individual percentages, 30% said that it had reduced breaches significantly. An additional 46% said they saw some reduction in breaches, while 25% reported no improvement.
On detection capability specifically, 28% stated that their ability to detect threats had improved greatly. 47% said it had improved, 21% declared nothing had changed, and 4% indicated that their capabilities had worsened. 46% of respondents reported that their SIEM platform was most effective at detecting unauthorised access. 42% also said that it detected advanced persistent threats, while 37% stated it had identified insider attacks. Respondents also said it had helped identify malware (35%), web application attacks (34%), and hijacking of resources (33%). However, zero-day attacks (28%) and denial of service attacks (29%) had the lowest detection rates.