Not a day goes by without a security breach or espionage story hitting the headlines; recent high-profile examples include Skype and Snapchat. It doesn’t matter whether it’s an internal or external hack caused by a deliberate or inadvertent action; ultimately the IT manager is held accountable for the security gaps.
To make sure incidents such as these are avoided or don’t recur, policies are often hastily revisited. It is a continuing battle for organisations; however, Security Information and Event Management (SIEM) can be a key part of an IT department’s arsenal in that fight. The built-in logging mechanisms in devices, systems and applications can help track events.
Though most of us in the IT industry understand the need to centralise these logs and their role in tracking down potentially anomalous situations and security violations, skimming through millions of log records to find the information that matters most proves difficult. SIEM solutions address this by bringing critical threats to the forefront through iterative analysis of log data.
To understand how IT teams are managing their network logs and how SIEM solutions are perceived today, we conducted a survey of 337 corporate participants in 58 countries. The survey revealed interesting insights into how far SIEM has been accepted in the market as a way to protect IT against security risks.
Log Aggregation Still Slogs Automation
System logs are the major source for tracking diverse activities. Centralising logs helps assess trends and understand strange events across the IT infrastructure. Every administrator admits its importance, although this doesn’t stop the vast majority from using manual scripts and cron jobs to centralise log collection. About 52% of the respondents surveyed admitted still using manual scripts or in-house log collection tools, which may ultimately prove painful to maintain.
For example, if an IT admin completes the job of scripting and scheduling centralised log collection across the IT estate, they will still be asked to maintain it regardless of how far they climb the ladder in the organisation. It is even worse if they leave the company, as the IT team will have no idea where, what, and how to maintain the data. For large organisations this is obviously not the most effective system, and therefore we are seeing an increasing need in the market for automated tools for centralising log collection.
Log Analytics: Sending IT Admins Word Blind
Unfortunately most IT organisations are under-staffed. Despite this, when company security is at stake, the IT team understandably has no option but to analyse the root cause, regardless of the hours spent. Logs are largely what the investigation of a security incident relies on. However, staring at logs for five minutes will inevitably send any IT admin word blind, and IT security admins go through this grief every time there is an anomaly.
On average, IT teams spend over four hours a week analysing logs, which on its own seems like a very small amount of time. Over a whole year, though, the figure becomes overwhelming: that’s over 200 hours analysing log data. As with the log collection point made earlier, the right tools can ensure that this time is freed up to invest in other areas.
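To make concrete what the survey respondents are automating (or not), here is an added example, not code from the original article or from any SIEM vendor, of the two steps discussed above: centralising raw auth logs from several hosts into one time-ordered stream, and then running correlation rules over that stream so an analyst sees a handful of alerts instead of reading every line. The log lines, host names, IP addresses and thresholds are all constructed for the example; the two rules (a failed-login burst from one source across hosts, and a successful login that follows a run of failures) are typical of the kind of rule a SIEM applies, not rules from the article.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: sshd-style auth lines from two hosts, as they would
# look once a collector has shipped them to a central store. Nothing here is
# taken from a real system.
SAMPLE_LOGS = {
    "web01": [
        "2024-03-01T10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2",
        "2024-03-01T10:00:09 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 50123 ssh2",
        "2024-03-01T10:00:20 web01 sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 50124 ssh2",
        "2024-03-01T10:00:31 web01 sshd[1207]: Failed password for root from 203.0.113.7 port 50125 ssh2",
        "2024-03-01T10:00:40 web01 sshd[1209]: Failed password for invalid user oracle from 203.0.113.7 port 50126 ssh2",
        "2024-03-01T10:02:15 web01 sshd[1220]: Failed password for alice from 198.51.100.4 port 40001 ssh2",
        "2024-03-01T10:02:30 web01 sshd[1221]: Accepted password for alice from 198.51.100.4 port 40001 ssh2",
        "2024-03-01T10:03:00 web01 sshd[1230]: some unrelated line the rules do not model",
    ],
    "db01": [
        "2024-03-01T10:00:55 db01 sshd[3301]: Failed password for root from 203.0.113.7 port 51000 ssh2",
        "2024-03-01T10:01:10 db01 sshd[3302]: Accepted password for backup from 203.0.113.7 port 51001 ssh2",
    ],
}

# Pattern for the two sshd message shapes we care about; everything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line):
    """Normalise one raw line into an event dict; None for lines we don't model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "outcome": m["outcome"].lower(),  # "failed" or "accepted"
        "user": m["user"],
        "src": m["src"],
    }


def centralise(per_host_logs):
    """Aggregation step: merge every host's lines into one time-ordered event stream."""
    events = []
    for lines in per_host_logs.values():
        events.extend(e for e in map(parse_line, lines) if e)
    return sorted(events, key=lambda e: e["ts"])


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """Rule 1: a source IP with >= threshold failures inside a sliding window, counted across all hosts."""
    failures = defaultdict(list)
    for e in events:  # events are time-ordered, so each list stays sorted
        if e["outcome"] == "failed":
            failures[e["src"]].append(e["ts"])
    alerts = {}
    for src, stamps in failures.items():
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= threshold:
                alerts[src] = max(count, alerts.get(src, 0))
    return alerts  # {src_ip: peak failures seen within one window}


def success_after_failures(events, min_failures=3, lookback=timedelta(minutes=5)):
    """Rule 2: a successful login from a source that just produced >= min_failures failures.

    min_failures is the noise control: a single typo followed by a correct
    password (alice in the sample) should not page anyone."""
    alerts = []
    recent = defaultdict(list)  # src -> timestamps of its failures so far
    for e in events:
        src = e["src"]
        if e["outcome"] == "failed":
            recent[src].append(e["ts"])
            continue
        prior = [t for t in recent[src] if e["ts"] - t <= lookback]
        if len(prior) >= min_failures:
            alerts.append({"src": src, "user": e["user"], "host": e["host"],
                           "prior_failures": len(prior), "ts": e["ts"]})
    return alerts


def run_rules(per_host_logs):
    """Centralise, then apply both rules; this is the whole pipeline an analyst would consume."""
    events = centralise(per_host_logs)
    return {"bursts": failed_login_bursts(events),
            "suspicious_logins": success_after_failures(events)}


if __name__ == "__main__":
    result = run_rules(SAMPLE_LOGS)
    for src, n in result["bursts"].items():
        print(f"ALERT burst: {src} produced {n} failed logins within 2 minutes")
    for a in result["suspicious_logins"]:
        print(f"ALERT login: {a['user']}@{a['host']} from {a['src']} after {a['prior_failures']} failures")
```

The point of the merge step is that the burst from 203.0.113.7 is only five failures on web01 and one on db01; neither host on its own crosses the threshold, but the centralised stream does, and the later successful login on db01 is then seen in the context of the failures on web01. The thresholds and windows are the part that needs tuning per environment; the structure of the rules is what a SIEM gives you out of the box.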
Real-Time Event Monitoring Trumping Compliance Benefits
Most organisations initiate security projects with compliance or regulatory mandate funds. As soon as they get a grip on how the solution can help them solve critical business problems and stay secure against targeted attacks, the IT team starts to appreciate its full benefits.
This trend is evident in the survey results, with more administrators using SIEM solutions for real-time security event monitoring and security incident investigation than for statutory compliance reporting. Compliance reporting is ranked third among the benefits of SIEM solutions.
Complexity Of SIEM Putting IT Managers Off
All of the above begs the perplexing question of why, if IT teams understand the need for SIEM solutions, they are still working with manual or in-house scripts. It appears from our research that most admins feel SIEM solutions are complex to understand and deploy. Exorbitant pricing and confusing licensing structures are a close second.
Simplifying SIEM solutions and making them usable will drive the market for the next few years; taking this into account when designing products will be key for vendors.
The Rising Importance Of Monitoring Cloud Infrastructure
The drive to cut costs and deliver efficient services always keeps IT on the run to adopt newer technologies, and the recent rush to the cloud is one outcome of this. However, security is an often-quoted concern, which may have slowed the rate of cloud adoption. Interestingly, around 50% of our respondents either already have or are planning for cloud infrastructure, and feel it is important to monitor and centralise events for this infrastructure.
Besides large enterprises, knowledge and awareness of IT security is on the rise among SMBs and emerging enterprises. To add to this, regulatory bodies are staying vigilant about the various security threats faced by enterprises, and amendments are carried out at regular intervals. Over the next few years security will lose its exclusivity and become mainstream knowledge across IT. One flipside is that IT security is often blurred with big data analytics; hopefully in the not too distant future this distinction will become clearer.