SIEM is a complex solution that requires thorough maintenance and support, which often skyrockets SIEM expenses. The need to hire and train more SIEM analysts is named as the main factor that significantly influences the total cost of SIEM ownership. It earned the highest score (4.8) in the rating of expenses. In addition, 69% of respondents already consider options that would help them reduce SIEM bills for maintenance and licensing.
Other findings of the survey show:
- SIEM is necessary for better security threat awareness. According to 67% of IT pros, the ability to detect security threats in real time is the top driver for deploying SIEM. Other popular reasons include more efficient root-cause analysis and incident investigation caused by unwelcome changes (61%), and streamlined compliance reporting (50%).
- Excessive data might be worse than lack of data. SIEM reports containing too much noise data continue to bother about 81% of users, compared to 75% revealed in the previous survey held in 2014. Reports demonstrate the disparate array of raw logs that complicate understanding of who did what, when and where. However, 68% (61% in 2014) claim that SIEM reports don’t provide enough information, such as before and after values of the changes.
- Reports are difficult to understand. When it comes to passing compliance audits or validating internal security policies, 65% of respondents regularly face issues with finding necessary audit data upon request. Also, 63% of respondents (55% in 2014) see difficulties in understanding the reports, and 57% of respondents have to manually adjust data to make the reports understandable to non-tech stakeholders.
- Additional solutions are able to fill the gaps. About 55% of enterprises rely on human resources and prefer to hire additional SIEM analysts. While 41% opt for SIEM integration with third-party solutions. Which in turn makes 86% of these companies happy about using IT auditing as a third party solution to overcome SIEM drawbacks.
“The tendency we see today is that most companies are not ready to put up with considerable expenses and limitations. The companies are looking for ways to solve this problem and finally understand what is going on in their IT infrastructures. IT auditing can become a perfect solution to overcome these drawbacks and provide complete visibility, while decreasing IT costs.” said Alex Vovk, CEO and co-founder of Netwrix.
Download full SIEM Survey Report in PDF.