By Tyler Farrar, CISO, Exabeam
According to the Exabeam State of the SIEM survey, security professionals remain confident in the face of modernizing adversaries despite rising breach numbers. The survey revealed that 97% of security professionals feel assured that they are well-equipped with the tools and processes they need to prevent and detect intrusions or breaches. However, according to other recent security industry reports, 83% of organizations experienced more than one data breach in 2022.
So where’s the disconnect? What is preventing organizations from gaining the upper hand against threat actors? Let’s dive deeper into the survey results:
Visibility and Information is the Name of the Security Game
In the State of the SIEM survey, only 17% of all respondents have visibility into 81–100% of their network. This reality increases the likelihood that adversaries are lurking in the shadows of a company’s network without the security team’s knowledge.
While a significant portion of respondents were certain they can prevent cyberattacks, this confidence fails under further scrutiny. Only 62% of respondents said they can confidently tell the company board that no adversaries have breached the network — which means that more than a third of respondents cannot answer confidently whether an adversary is in their network.
Defending The Cyber Front Lines and Handling Stress
The security profession is known for being demanding and stressful at times. When attacks surge, stress subsequently rises. In the survey, 43% of respondents cited preventing issues as one of the major stressors. They also listed the following concerns:
- Lacking full visibility due to security product integration issues (41%)
- An inability to centralize and understand the full scope of an event or incident (39%)
- Being unable to manage the volume of detection alerts with too many false positives (29%)
- Not feeling confident that they’ve resolved all problems on the network (29%)
Compromised Credentials Remain a Headache
Incident detection is critical to battling compromised credentials — which are the cause of 90% of today’s breaches. Thus, it is essential that organizations prioritize investing in modern security solutions that provide visibility into users and their network activity to detect compromised credentials. After all, blind spots are a compromised user’s best friend: adversaries can hide in the smokescreen of alerts.
Once cybercriminals are in a company’s network, data exfiltration can begin within minutes. Alternatively, they may lurk in the network for months, waiting for the perfect time to harvest company data. Here are a few final takeaways on the topic:
- Just 11% can scope the overall impact of detected malicious behaviors in less than one hour.
- 52% report they can do so in one to four hours.
- 34% take five to 24 hours to identify high-priority anomalies.
The Bottom Line and What Organizations Can Do to Protect Themselves
Even with significant spending on tools to prevent incidents, threat actors are still breaking into networks using compromised credentials and similar tactics. The result is overwhelmed, burned-out security analysts and large-scale data breaches.
The key to changing the narrative and reining in data breach numbers is for organizations to invest in both detection and prevention tools. Behavioral analytics and similar automated insights, combined with preventative technologies such as firewalls, can bolster a company’s security posture and put security teams in a better position to respond to adversaries.
About the Author
Tyler Farrar is CISO at Exabeam, the cybersecurity company that defined the user and entity behavior analytics (UEBA) security technology category. Exabeam is a global cybersecurity leader and creator of New-Scale SIEM™, offering a new way for security teams to approach threat detection, investigation, and response (TDIR). By combining the scale and power of the cloud with the strength of our industry-leading behavioral analytics and automation, organizations gain a more holistic view of security incidents, uncover anomalies missed by other tools, and achieve faster, more accurate and repeatable responses.