Sensage Blogs


Survey: Most Security Organizations Can’t Access the Data They Need

Posted: April 7, 2011 at 9:48 pm | by Joe Gottlieb

SenSage recently conducted a survey of 383 information security professionals and found that two out of three had encountered obstacles to security data access and analysis while performing their security duties. This clearly validates the need for open data analysis architectures in the SIEM and Log Management market. According to the same survey, the tasks impacted by these obstacles are critical to the perceived effectiveness of log management, compliance reporting, real-time monitoring, forensic investigation and incident response processes in their organizations. I would place the impeded tasks into two groups: traditional but underwhelming and emergent but immature.

In the traditional but underwhelming category we have basic things like “trying to better understand a compliance exception or real-time console alert.” You would think that these tasks would have matured and evolved to a point of effectiveness by now, but they haven’t, because most SIEM and Log Management offerings do not enable the end user to drill into data behind compliance reports and real-time alerts. In the emergent but immature category, we have more holistic things like “trying to understand how a certain metric is changing over time” and “trying to compare security effectiveness across different groups or environments.” Again, we can trace the struggle here to weak data management scalability and weak data analysis capabilities of most SIEM and Log Management offerings. SenSage specializes in delivering these scalability, drill-down and trend analysis capabilities within its SIEM and Log Management offering, and is encouraged by the fact that the industry is starting to acknowledge these challenges and demonstrating an interest in tackling them in order to improve their security postures.

This second annual survey also indicated minor progress in security management process evolution. Specifically, coordination across log management, compliance reporting, real-time monitoring, forensic investigation and incident response processes has improved slightly but remains a challenge. We know that process coordination is challenged by the usual “organizational dynamics” in large companies and government agencies. But we also know that data (fact) helps stimulate cooperation across teams because it cuts through subjective and political behaviors. Other findings include:

  • Measurement of these processes is basically flat year over year (measurement is hard, especially when you don’t have the tools)
  • Consistency of process improvement has increased, but finding the resources needed to implement process improvements remains a challenge
  • Perceived effectiveness of these processes has improved slightly year over year, but 57% still believe that they are ineffective or only somewhat effective

SenSage conducts these surveys to keep tabs on how the problem set is evolving in our market. We continue to believe – and these surveys continue to confirm – that effective data management, scalability and analysis are critical for success in proactive security organizations.

SenSage will present a webinar detailing the survey results, changes in the past year, interesting correlations and emerging use cases for data-driven security management. If you would like to attend, please register here.
