SIEMs only cover 19% of MITRE ATT&CK tactics.

Published:

spot_img

CardinalOps Report: State of SIEM Detection Risk Highlights Mismatched Capabilities

CardinalOps recently released its State of SIEM Detection Risk report, shedding light on the current state of Security Information and Event Management (SIEM) systems. The report, which analyzed 3,000 detection rules and 1.2 million log sources, revealed that SIEMs only cover 19% of MITRE ATT&CK tactics, leaving a significant gap in security coverage.

Despite this finding, the report also highlighted that organizations have the potential to cover 87% of the techniques if utilized correctly. Key findings from the report include the increasing trend of multiple SIEM environments, with 43% of organizations now utilizing two or more SIEM systems. Additionally, 18% of SIEM rules were found to be broken, often due to missing fields and misconfigured data sources.

Security leaders in the industry weighed in on these findings, offering their insights and concerns. Adam Neel, Senior Threat Detection Engineer at Critical Start, expressed concerns over the complexity that multiple SIEM tools can bring, potentially leading to slower response times and misconfigured rules. Tamir Passi, Senior Product Director at DoControl, emphasized the gap between SIEM capabilities and actual detection coverage, advocating for purpose-built systems for improved detection. John Bambenek, President at Bambenek Consulting, highlighted the need for organizations to focus on foundational behaviors in detection rules rather than specific indicators.

Overall, the CardinalOps report serves as a wake-up call for organizations to reassess their SIEM strategies and ensure proper coverage of detection techniques to enhance their cybersecurity posture.

spot_img

Related articles

Recent articles

Australia-India PACTS Advances Cybersecurity and Technology Cooperation

Australia-India PACTS Advances cybersecurity and Technology Cooperation Australia and India have launched the Australia-India Partnership on Cyber, Critical Technologies, and Supply Chains (PACTS), a strategic...

Microsoft’s July Patch Tuesday Unveils Critical Exploits Amidst 622 Vulnerabilities

Microsoft's July Patch Tuesday Unveils Critical Exploits Amidst 622 Vulnerabilities Microsoft's recent Patch Tuesday has revealed significant vulnerabilities, with two of them already being exploited...

Enshi Suobuya Stone Forest Boosts Cultural Experiences for Southeast Asian Tourists

Enshi Suobuya Stone Forest Boosts Cultural Experiences for Southeast Asian Tourists ENSHI, CHINA - As China continues to refine its inbound visa-free policies, the Suobuya...

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure In a significant development in the fight against cybercrime, three Russian nationals have been indicted...