From: Information Age
Enterprises are investing in big data solutions like SIEM to help them better detect cyber attacks – so why do many IT pros feel that SIEM still leaves them short on answers in many areas?
Posted by Chloe Green
***
SIEM deployment is complex and expensive, yet the large volumes of collected data leave administrators with much to do before they can extract any meaningful results. Often they are presented with a sea of information and a lack of actionable insight, which inevitably leads to missed security incidents. One of the issues with being alerted to all network events is that more than half of them are false alarms.
***
Too much data, too little actionable information
In the survey, 81% of respondents thought that SIEM reports contain too much extraneous information. Records often reveal several or even dozens of entries, many of them completely innocuous, for every change made to a system.