A recent Ponemon Institute survey of around 600 users of SIEM (Security Information and Event Management) solutions shows how efficient these solutions are in companies.
SIEMs are key to cybersecurity in organisations, as they recognise threats that other security solutions cannot identify. To achieve this, the solutions collect log data (so-called log files) from different network sources and analyze it, ideally in real time, in order to evaluate suspicious events in the network.
However, not all SIEMs are alike: there are numerous suppliers on the market with more or less advanced solutions. Here, the SIEM Productivity Study of the Ponemon Institute provides important insights that will help companies choose the right technologies.
Time and resource drain: "False Positives"
In 80 percent of cases, the solutions are not particularly effective and do not create the necessary personnel costs in the SOC. What are the causes and what can we do about it?
According to the study, the reason for the inefficiency of many SIEM solutions is that security analysts in the company spend 25 percent of their time chasing false alarms, so-called "false positives", because security warnings are not correct.
Comparison between traditional SIEM and Next-Gen SIEM solutions such as LogRhythm
Such false alarms occur in particular with conventional SIEM solutions. In contrast to older solutions, modern Next-Gen SIEMs like LogRhythm use artificial intelligence and machine learning. Current SIEM technologies from LogRhythm such as UEBA (User and Entity Behavior Analytics), NDR (Network Detection & Response) and SOAR (Security Orchestration, Automation & Response) were able to significantly increase productivity in the companies that used them. The overall time for security tasks was reduced by a total of 51 percent in the company, compared to the time before use. Considering these results against the background that many SOCs are chronically underused, it can be concluded that Next-Gen SIEMs can not only help increase productivity, but can also help the company be better secured.
With its partner LogRhythm, TWINSOFT has one of the three market leaders in its portfolio, and the one with the best price-performance ratio in comparison. Just contact us for a personal appointment or a demo!
