83% of organizations experienced more than one data breach in 2022. However, 97% of respondents feel confident that they are well equipped with the tools and processes needed to prevent and identify intrusions or breaches, according to Exabeam.
“The findings indicate a sizable disconnect between market promises and team perceptions. As a result, teams lack the holistic visibility and context to zero in on adversary behaviour to identify the causes of major incidents and breaches. As a result, large-scale data breaches and multi-million-dollar remediation efforts are taking a toll on organizations’ brands, customer retention, and act as a distraction to business momentum and budgets,” said Steve Moore, Chief Security Strategist at Exabeam.
The current state of SIEM at U.S. organizations
46% of all respondents operate more than one cloud or on-premises SIEM platform. Among those with SIEM tools:
64% of those who have one platform are very confident they can detect cyberattacks based on adversary behaviour alone, while 59% of those with two or more platforms are very confident.
In addition, 4% of U.S. security professionals report not using a SIEM platform, and of those respondents, 81% were confident.
However, just 17% of all respondents can see 81–100% of their network. Since many analysts lack full visibility, the likelihood that adversaries are lurking in dark corners grows ever greater.
Prevention a higher priority than threat detection, investigation, and response (TDIR)
One reason security teams struggle to prevent breaches is that adversaries are often already in the