4 Detection Engineering Statistics You Need to Know…And Where to Find Them

In the dynamic landscape of cybersecurity, staying ahead of threats requires a keen understanding of detection engineering. We’ve highlighted four crucial statistics that capture the current state of detection strategies. From the widespread adoption of the MITRE ATT&CK framework to the persistent central role of the SIEM, these insights shed light on the challenges and opportunities organizations face in fortifying their security postures. Explore where the industry stands and gain valuable perspectives on enhancing threat detection capabilities.

Statistic #1

According to ESG research, 89% of organizations are using the MITRE ATT&CK framework to reduce risk for numerous security operations use cases, including:

  • Applying threat intelligence to alert triage
  • Using it as a guideline for detection engineering
  • Gaining a better understanding of adversary tactics, techniques, and procedures

Where to Find It

See page 1

Statistic #2

According to the SANS 2023 SOC Survey, the SIEM continues to be the central operating system of the SOC, with 27% of organizations citing the SIEM as one of the top technologies/tools for new hires to be familiar with.

Where to Find It

See page 20

Statistic #3

Despite listing “the complexity and time-consuming nature of developing new detections for new vulnerabilities/attacks” as the most common cause of detection gaps in the SANS Detection Engineering Survey, 78% of organizations still manually map detections.

Where to Find It

See page 6

Statistic #4

The CardinalOps 2023 State of SIEM Detection Risk Report found that enterprise SIEMs are missing detections for 76% of MITRE ATT&CK techniques, and that 12% of SIEM rules are broken and will never fire.

Where to Find It

See page 3