Security Information and Event Management (SIEM) solutions have been put under the microscope and are often criticized by some in the industry as being outdated and “reactive” security solutions that don’t always help organizations defend against cyber attacks, but rather help respond after a damaging attack. While SIEM solutions may be taking some heat, they still play an important role in an organization’s overall security strategy, and new research from McAfee shows that SIEM is still top of mind for security executives.
McAfee’s Risk and Compliance Outlook: 2012, the company’s annual study of how IT decision-makers view and address risk and compliance management, found that database security and SIEM were among the top priorities due to the rise in advanced persistent threats and increased compliance requirements.
According to the report, database security appears to be an ongoing concern for organizations due to growing compliance requirements and high profile data breaches that have hit just about every industry.
When asked about sensitive database breaches, over one quarter of the 438 respondents had either had a breach or didn’t have the visibility to detect a breach, making SIEM a top concern. The results revealed that most organizations rely on legacy systems that do not meet their current needs, with approximately 40% of respondents saying they plan to implement or update a SIEM solution. While 80% of respondents cited visibility as very important, security teams remained challenged in this area. Discovering threats was listed as the top challenge to managing enterprise risk.
Other key findings include:
• 96% of organizations indicated they would spend the same or more on risk and compliance solutions as part of their 2012 security budgets.
• Approximately half of respondents spend 6 to 10 hours per month on risk management activities that assess and correlate the impact of threats on their organizations.
• Respondents said ‘Compliance’ was the driver for almost 30% of IT projects.
• On average, one-third of all organizations prioritized the upgrade/implementation of unique risk and compliance products to address vulnerability assessment, patch management, remediation, governance, risk management, and compliance.
• Nearly 40% of organizations claim to be moving towards hosted SaaS and virtualized deployment models in 2012.
• Patch management frequency is a challenge - almost half of the organizations patch on a monthly basis, with one-third doing it on a weekly basis. As in last year’s analysis, not all companies are able to pinpoint threats or vulnerabilities; as a result, 43% indicate that they over-protect and patch everything they can.
“Managing risk through security and compliance continues to be a leading concern for organizations the world over,” said Jill Kyte, vice president of security management at McAfee. “Meeting the requirements of increasingly demanding regulations while reducing exposure to the new classes of sophisticated threats and having an accurate understanding of risk and compliance at any point in time – can be challenging. To address this issue, organizations are looking to 'best-of-breed' solutions to manage all aspects of their risk and compliance needs and reduce the amount of time spent managing multiple solutions.”
The study was conducted by Evalueserve for McAfee, and includes responses from 438 IT decision makers, consultants and security analysts from companies with more than 250 worldwide employees who are involved in evaluation, selection, day-to-day management and maintenance of security products. Surveys were conducted in Australia, Brazil, Canada, France, Germany, New Zealand, Singapore, United Kingdom and United States.
The full report is available here.