New Study: Traditional SIEMs Outpaced by Evolving Threats, New Analytics Technologies

Independent research suggests security professionals are seeking security analytics tools that can streamline analysis and improve visibility, enabling accelerated incident response.

OVERLAND PARK, KS – FireMon has published a study on the state of data-driven security programs and the potential impact security analytics tools will have on them. This commissioned research, conducted by Forrester Consulting, found that increasingly large volumes of data, along with more sophisticated adversaries, overwhelm security teams and traditional SIEM solutions. As a result, IT leaders are looking to security analytics to streamline human analysis and improve response time.

Forrester Consulting surveyed 100 IT decision makers at U.S. enterprises and combined the results with existing data for its study, focusing on respondents’ top priorities and challenges and the role of data analysis in their security programs. The full study, “Security Analytics Brings Data-Driven Security Into the 21st Century,” is available for download from FireMon. Findings include:

  • Security professionals’ top initiatives are addressing existing threats (75%) and improving advanced threat intelligence capabilities (74%). While compliance also remains a top priority (69%), the primary focus for security professionals has shifted toward protection rather than prevention.
  • While SIEM solutions were traditionally reserved for compliance, goals for these solutions have evolved to include incident response and triage in 71% of organizations surveyed. However, the majority stated that their traditional SIEM is not intuitive, that the insights need to be more accessible, and that the data output is more than staff have capacity to analyze.
  • In the next two years, 70% of those surveyed plan to use Security Analytics platforms to streamline human interpretation of security events. The desired outcomes are faster incident response, better business alignment, improved visibility, and freeing up staff for other priorities.

The study states, “The limitations of traditional SIEM systems create a market that is ripe for new and better solutions for security analytics… As security professionals strive to improve staff productivity and efficiency, security analytics platforms will emerge as a major investment priority.”

Jeff Barker, FireMon’s VP of Product Management for Immediate Insight, echoes Forrester’s findings. He stresses, “Becoming data-driven is a process, not an event. It requires data to be more accessible to more people on the team, so it can be consumed and analyzed more efficiently.”

Barker and his team built the Immediate Insight software to address the need for more efficient, more accessible data analysis. Natural-language search and analytics remove the need to learn a query language, and data collection doesn’t require parsing, which eliminates the prerequisite knowledge normally required to bring different data sources together. The system automatically enriches and correlates collected data to speed up the time it takes to discover unusual activity on the network.

FireMon’s Immediate Insight team will also showcase the software in Booth #1233 at the RSA Conference in San Francisco, February 29 – March 3.

FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk. Using the FireMon Security Intelligence Platform, today’s enterprise organizations, government agencies, and managed services providers dramatically improve effectiveness of network defenses, optimizing investments and speeding response to changing business demands.