There is a wealth of data available to security analysts, but many have trouble finding what really matters in all the noise. According to Enterprise Strategy Group (ESG) research, organizations believe that making new data pipeline investments in the following areas would add the most significant additional value: keeping up with real-time data sources (40%), performing more comprehensive analytics to recognize complex attacks (39%), and collecting and centralizing data from more security controls and sources (32%).
ESG also discovered that organizations consider security information and event management (SIEM) infrastructure difficult to manage. As shown in Figure 1, 32% of organizations believe maintaining and operating SIEM infrastructure is costly and takes too many resources and too much time. In addition, 30% believe that junior analysts tend to struggle to use SIEM effectively, because many SIEMs don’t provide real-time correlation and analysis and because the tools are complex and difficult to use.