SIEMs cover less than 20 percent of attack techniques


Security information and event management (SIEM) systems used by enterprises only have detections for 38 (19 percent) of the 201 techniques covered in the MITRE ATT&CK v14 framework, according to a new report.

CardinalOps analyzed more than 3,000 detection rules, 1.2 million log sources and hundreds of unique log source types from real-world SIEM instances across Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic.

But the report finds organizations have the potential to cover 87 percent of all MITRE ATT&CK techniques with the data they are already ingesting in their SIEMs. However, nearly one in five SIEM rules are broken: the findings show that 18 percent of SIEM rules will never fire because of common issues such as misconfigured data sources and missing fields.
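The "rules that will never fire" problem is easy to check for mechanically: a rule that references a field its log source never populates cannot match. The following is an added example (not the report's or CardinalOps' code) using constructed rules and events; field names, sources and technique IDs are illustrative assumptions.

```python
# Constructed example: flag SIEM rules that can never fire because they
# reference a field their log source never emits, then compute ATT&CK
# coverage from the rules that remain. All data below is made up.
from collections import defaultdict

# Sample rules: data source, fields referenced by the logic, technique.
RULES = [
    {"name": "PowerShell encoded cmd", "source": "winevent",
     "fields": ["EventID", "CommandLine"], "technique": "T1059.001"},
    {"name": "Brute force logon", "source": "winevent",
     "fields": ["EventID", "TargetUserName"], "technique": "T1110"},
    {"name": "DNS long query", "source": "dns",
     "fields": ["query", "query_length"], "technique": "T1071.004"},
    {"name": "Scheduled task created", "source": "winevent",
     "fields": ["EventID", "TaskName"], "technique": "T1053.005"},
]

# Sample events as actually ingested. The dns source never carries
# query_length, so the DNS rule above is dead on arrival.
EVENTS = [
    {"_source": "winevent", "EventID": 4688, "CommandLine": "powershell -enc AAA"},
    {"_source": "winevent", "EventID": 4625, "TargetUserName": "admin"},
    {"_source": "winevent", "EventID": 4698, "TaskName": "Updater"},
    {"_source": "dns", "query": "example.com"},
]

def observed_fields(events):
    """Map each log source to the set of field names seen in its events."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["_source"]].update(k for k in ev if k != "_source")
    return seen

def broken_rules(rules, events):
    """Return (rule name, missing fields) for rules referencing a field
    their source never emits, or a source that is not ingested at all."""
    seen = observed_fields(events)
    out = []
    for r in rules:
        missing = sorted(set(r["fields"]) - seen.get(r["source"], set()))
        if missing:
            out.append((r["name"], missing))
    return out

def coverage(rules, events, techniques):
    """Fraction of the given techniques with at least one working rule."""
    dead = {name for name, _ in broken_rules(rules, events)}
    live = {r["technique"] for r in rules if r["name"] not in dead}
    return len(live & set(techniques)) / len(techniques)
```

Running this against a real rule export and a field inventory from the SIEM is the same idea at scale; a rule with no working source counts as zero coverage regardless of its technique tag.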

Multiple SIEM environments are on the rise too with 43 percent of organizations reporting having two or more SIEMs in production. Reasons for this include seeking cost savings, multiple business units, and a need to abide by regulatory requirements.

"These findings highlight the difficulty that organizations face in building and maintaining effective detection coverage," says Yair Manor, CTO and co-founder at CardinalOps. "Security teams continue to struggle with getting the most out of their SIEM and worse, often falsely believe that they are protected when in reality they are at great risk."

The reasons cited for this lack of coverage are complexity, constant change, manual and error-prone processes, difficulty finding and retaining skilled staff, and the fact that there is no 'one size fits all' solution.

You can get the full report from the CardinalOps site.

Image credit: Arwagula/Dreamstime.com
