target audience: TECH SUPPLIER Publication date: Mar 2023 - Document type: IDC Survey - Doc Document number: # US50436623
SIEM and Mature Versus Less Mature Security Operations: Differences Between Novices, Apprentices, Veterans, and Pacesetters
Content
- 40 slides
Get More
When you purchase this document, the purchase price can be applied to the cost of an annual subscription, giving you access to more research for your investment.
Related Links
Abstract
This IDC Survey examines results from IDC's Security Operations Center Survey, which was conducted in December 2022 in the United States. The goal was to characterize the maturity of the security operations and understand actions related to the security information and event management (SIEM) platform in relation to maturity. Respondents are from a broad range of industries and company sizes.
Key findings from the survey include:
- The mature pacesetters are more likely to use SIEM than less mature groups; user behavioral analytics, incident investigation, and threat hunting are the top use cases for SIEM among all respondents.
- 89% of respondents see more than 100 alerts per day; the larger the organization, the greater the number of alerts due to the oftentimes larger IT environment.
- SIEM is hard. 41% of security teams report they reconfigure their SIEM due to broken detection rules at least once per month and 29% have a minimum of four full-time staff on their detection engineering teams.
- Over 75% of respondents are actively automating IT security workflows, but 52% of those automating report that automation is harder and is taking longer than expected.
"Maturity does not correlate to the size of the organization, the size of the IT security team, or the size of the IT security budget," said Michelle Abraham, research director, Security and Trust at IDC. "Our survey found mature security practices and operations are present across the spectrum of organizations."