News & Updates
CardinalOps found SIEMs already ingest enough data to cover 94% of MITRE ATT&CK techniques suggesting organizations don’t need to collect more data but need to scale detection engineering processes to develop more detections, faster.
To help organizations address their detection challenges, the 2023 CardinalOps report includes a series of best practices to help SOC teams measure and continuously improve the robustness of their detection posture over time.
A CardinalOps report states organizations are often unaware of the gap between the theoretical security they assume they have and the actual security they have in practice, creating a false impression of their detection posture.
Organizations use MITRE ATT&CK to measure their readiness to detect high-priority threats but grapple with constant change in adversary techniques and expanding attack surfaces. Data from CardinalOps’ SIEM Detection Risk report highlights these challenges.
Most organizations face the challenge of how to continuously assess and strengthen the effectiveness of their existing SIEMs. These challenges are clearly illustrated in data from this year’s SIEM Detection Risk report from CardinalOps.
Enterprise SIEMs already ingest sufficient data to cover 94% of all MITRE ATT&CK techniques. Organizations don’t need to collect more data but rather scale detection engineering processes to develop more detections, faster.
CardinalOps recently released the Third Annual Report on the State of SIEM Detection Risk which found enterprise SIEMs are missing detections for around three-quarters of all techniques that adversaries use to execute cyberattacks.
Enterprises lack detections for more than three-quarters of all MITRE ATT&CK techniques, while 12% of SIEM rules are broken and will never fire due to data quality issues including misconfigured data sources and missing fields.
The CardinalOps’ 2023 Report on State of SIEM Detection Risk showed that SIEMs can only detect 24% of the techniques listed in MITRE ATT&CK, leaving organizations vulnerable to ransomware attacks, data breaches and other cyber threats.
“These findings illustrate a simple truth: Most organizations don’t have good visibility into their MITRE ATT&CK coverage and are struggling to get the most from their existing SIEMs,” said CardinalOps co-founder and CEO Michael Mumcuoglu.
Researchers from CardinalOps analyzed data from production SIEM platforms from companies such as Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic, and found that they have detections for just 24% of all MITRE ATT&CK techniques.
CardinalOps, the detection posture management company, is sponsoring a live SANS webinar to help today’s Security Operations teams implement a risk-based detection strategy to address modern threats and a quickly expanding attack surface.