Study Finds a Significant Percentage of Companies Lack Resources to Manage IT Security challenges
COLUMBIA, MD –May 9, 2016: EventTracker, a leading provider of comprehensive and co-managed SIEM solutions, today announced the results of its sponsored, in-depth research and analysis report titled, “Co-sourcing for SIEM expertise.” The survey was conducted in April 2016 by SC Magazine, based on responses from 377 information security professionals across diverse industries. The objective of the study was to highlight the challenges faced in implementing IT security strategies in small to medium-sized (SME) and large enterprises.
According to the report, nearly 64 percent of the respondents confirmed that they lack the time to manage security activities, regardless of company size and budget. Medium-sized businesses are under increasing pressures to implement sophisticated cybersecurity tools that are typical to a Fortune 500 company. Partnering with SIEM vendors is predicted as the most viable option considering the budget constraints, labor shortage and ultra-tight cybersecurity labor market.
“We are aware of the resources and time constraints of IT security professionals to manage their IT security,” said A.N. Ananth, CEO, EventTracker. “It can be challenging to hire and keep the skills set needed for complex IT security solutions like SIEM in addition to the requirements of regular monitoring and analysis. As a result, we’ve seen the increasing trend for SIEM-as-a-Service rise over the past several years.”
A summary of the report findings:
- Key finding: SMEs and companies with $1 billion or more in revenue or 5,000-plus employees answered some key questions almost identically. 64 percent of respondents at companies with less than $100 million in annual revenue felt that they “lack the time to manage all the security activities.” The figure was the same for firms with revenues of $100 million to $1 billion. Among the big players with greater than $1 billion in revenue, the number agreeing with that statement was only marginally lower, at 62 percent.
- SIEM Strategy: According the results, SIEM is regarded as a large company technology, partly due to lack of definitive ROI stats for SIEM technology. Only 23 percent of respondents say that they have not made any investments in SIEM technology. Some 31 percent of respondents report high ROI for vulnerability assessment tools. Those numbers suggest that SIEM is often regarded as a big company technology, one that requires large investments and maintenance.
- IT security staffing: 49 percent of the survey respondents say that they lack IT security staff. Due to this, the SMEs face a choice between choosing out-of-the-box security offerings or simply outsourcing their efforts to managed security service providers (MSSPs). Experts recommend a hybrid, SIEM-as-a-service model to meet the objectives.
- Compliance: The survey indicates that compliance is a particular challenge for small and medium-sized companies. Large companies are better prepared for compliance audits with their presumably wider deployment of SIEM as a factor in such preparations.
- Preparedness for malicious insider attacks was weaker across the board, with just 21 percent of the smallest companies surveyed giving themselves the top rank, 25 percent for the middle tier in the sample, and 38 percent of the biggest companies rating themselves at the top.
The free report can be downloaded here: http://www.eventtracker.com/screport/.
For more information about EventTracker Security Center, visit http://www.eventtracker.com/products/security-center/.
EventTracker enables its customers to stop attacks and pass IT audits. EventTracker’s award-winning product suite includes EventTracker Security Center and EventTracker Log Manager which transform high-volume, cryptic log data into actionable and prioritized intelligence to optimize IT operations, detect and deter costly security breaches, and comply with multiple regulatory mandates. EventTracker clients include government agencies, commercial enterprises, and the healthcare and financial sectors.
In addition to best-in-class product features, EventTracker offers SIEM Simplified, a professional services engagement to guarantee successful outcomes. EventTracker’s experienced staff assumes as much or as little responsibility for all SIEM-related tasks as clients require including planning, scoping, and installing the implementation, as well as performing run, watch and tune functions of the implementation on each client’s behalf. EventTracker’s team includes experts in various technologies including Windows, Cisco, VMware, Checkpoint and many security solutions such as Snort, McAfee, Imperva, etc.
As the only SIEM vendor to own both product and service delivery functions, EventTracker’s solutions are tailored to customer need, resulting in superior quality at competitive pricing to the SME market. Visit www.eventtracker.com for more information. Follow us on Twitter @logtalk.
Smart Connections PR