Panther recently published their second annual “State of SIEM” report, which surveyed 285 full-time cybersecurity professionals, including security engineers, analysts, and architects, each working as part of a team that currently uses a security information and event management (SIEM) platform. The goal in benchmarking the State of SIEM is to gain insight into what security operations professionals are seeing, the challenges and frustrations they face, and what they want to improve.
49% believe their SIEM covers less than half of their security data.
A SIEM is a critical piece of an organization’s security infrastructure and needs to cover all of its security data to be effective. If a SIEM only covers a fraction of an organization’s security data, it will not be able to provide the comprehensive security coverage necessary for protecting an organization’s networks and systems. Additionally, if a SIEM does not have complete visibility into an organization’s security data, it will be unable to identify potential threats and vulnerabilities that could put an organization at risk.
“This year’s report further indicates how legacy SIEMs are holding security teams back by making their jobs more challenging and far less enjoyable,” said Jack Naglieri, CEO and founder of Panther. “Security teams are using these tools even though they can’t get the scale and flexibility they need as they face new and emerging threats – pains that my team and I also experienced working at companies like Amazon and Airbnb.”
Adequate security today depends on having a solid data pipeline, structured data, and cloud-first workflows. Security professionals are aware of the static nature of traditional SIEM platforms, and many are concerned about the future. Many of today’s SIEM providers designed their current solution more than ten years ago and haven’t changed their approach much in the last decade.