Like the previous years, 2019 also witnessed a surge in data breaches and cyber-attacks. However, organizations that had a SIEM and/or SOAR system in place were better off than those relying on traditional security tools. The cyber-attacks in 2019 were mostly related to financial crimes, supply chain attacks, phishing, state-sponsored attacks, power grid attacks, attacks on the health sector, and attacks on IoT devices. The cybersecurity skills shortage was also one of the major concerns in 2019.
The Efficiency of SIEM and SOAR in 2019
According to the 2019 SIEM Survey report published by AlienVault, Security Information and Event Management (SIEM) was a powerful tool that allowed security professionals to collect, correlate, and analyze log data from the various systems within an IT infrastructure in order to detect and report cybersecurity threats and malicious activities.
In addition, the survey also revealed that three-quarters of security practitioners confirmed that SIEM was essential to their enterprises' cybersecurity posture (76 percent). Moreover, a commendable 8 out of 10 SIEM users were satisfied with the effectiveness of their SIEM solution (86 percent). According to them, the SIEM:
- Provided faster detection and response
- Provided efficient security operations
- Provided better visibility into threats
With the performance of SOAR in mind, Gartner, in its report "2019 Market Guide for Security Orchestration, Automation, and Response (SOAR)", projected that by the end of 2020 almost 30 percent of enterprises with a security team larger than five people would deploy SOAR solutions in their security operations.
Threat Detection and Reduction Capabilities of SIEM and SOAR in 2019
Furthermore, 2019 was also not bad for most of the organizations using a SIEM platform. The survey revealed that more than seven (7) out of ten (10) companies saw better threat detection and a massive reduction in data breaches (76%). The survey respondents found that SIEM was very efficient for:
- Detecting Advanced Persistent Threats (42%)
- Detecting unauthorized access (46%)
- Detecting insider attacks (37%)
- Denial of service attacks (29%)
- Prolific zero-day attacks (28%)
- Malware attacks (35%)
- Web application attacks such as cross-site scripting, SQL injection, or buffer overflows (34%)
- The hijacking of accounts, resources, or services (33%)
The SIEM was successful in providing compliance reporting (38%), monitoring server and database access (51%), and monitoring activities of users (51%).
The role of SOAR in threat detection and threat intelligence was also commendable. SOAR allowed the centralized collection and aggregation of existing data and its enrichment with threat intelligence. More importantly, that enriched threat intelligence was then converted into action.
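As an added illustration of the SIEM collect-correlate-analyze step described earlier and the SOAR collect, enrich, then act flow described here (example code written for this article, not code from AlienVault, Gartner or any product), the following Python script correlates constructed sshd log lines into per-source alerts, enriches them with a constructed threat-intelligence list, and maps each alert to a playbook action. The log lines, the indicator list, the threshold and the action names are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample syslog-style lines (documentation IP ranges, not real hosts).
SAMPLE_LOGS = [
    "2019-06-01T10:00:01 host1 sshd: Failed password for root from 203.0.113.7",
    "2019-06-01T10:00:03 host1 sshd: Failed password for admin from 203.0.113.7",
    "2019-06-01T10:00:05 host2 sshd: Failed password for root from 203.0.113.7",
    "2019-06-01T10:00:09 host2 sshd: Accepted password for alice from 198.51.100.4",
    "2019-06-01T10:01:10 host1 sshd: Failed password for bob from 192.0.2.9",
]

# Constructed threat-intelligence feed: placeholder indicators, not real IoCs.
THREAT_INTEL = {"203.0.113.7": "known-bruteforce-scanner"}

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
                    r"password for (?P<user>\S+) from (?P<src>\S+)$")

def parse(line):
    """Collection step: turn one raw log line into a structured event (or None)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def correlate(lines, threshold=3):
    """SIEM step: aggregate failed logons per source IP across all hosts."""
    failures = defaultdict(lambda: {"count": 0, "hosts": set(), "users": set()})
    for line in lines:
        ev = parse(line)
        if ev and ev["result"] == "Failed":
            f = failures[ev["src"]]
            f["count"] += 1
            f["hosts"].add(ev["host"])
            f["users"].add(ev["user"])
    return {src: f for src, f in failures.items() if f["count"] >= threshold}

def enrich_and_decide(alerts, intel):
    """SOAR step: enrich each alert with threat intel and pick a playbook action."""
    actions = {}
    for src, f in alerts.items():
        tag = intel.get(src)
        if tag:                      # indicator matched: automated containment
            actions[src] = ("block_at_firewall", tag)
        elif len(f["hosts"]) > 1:    # unknown source spraying several hosts
            actions[src] = ("open_ticket", "multi-host failures")
        else:                        # low-confidence: keep watching
            actions[src] = ("watch", "single-host failures")
    return actions

def run_pipeline(lines=SAMPLE_LOGS, intel=THREAT_INTEL, threshold=3):
    return enrich_and_decide(correlate(lines, threshold), intel)
```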
Detection Time of Security Events
According to the AlienVault survey, many respondents believed that their organizations were able to quickly detect a security compromise with a SIEM solution. Below are the reported detection times, with the percentage of respondents for each:
- Within a minute (40%)
- Within weeks (1%)
- Within days (14%)
- Within one month (4%)
- More than 1 month (2%)
Gartner, in its report "2019 Market Guide for Security Orchestration, Automation, and Response (SOAR)", suggested that reducing the response time, including the containment and remediation of an incident, was one of the most reliable ways to limit the impact of security incidents.