2023 Report on State of SIEM Detection Risk

In our third annual report, CardinalOps set out to gain visibility into the current state of use case development and threat detection coverage in enterprise SOCs. We analyzed, aggregated and anonymized data from production SIEM instances to understand SOC preparedness to detect the latest adversary techniques in MITRE ATT&CK.

The report analyzes real-world data from production SIEMs – including Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic – covering more than 4,000 detection rules, nearly one million log sources, and hundreds of unique log source types.

Key findings include:

  • Actual MITRE ATT&CK detection coverage remains far below what most organizations expect.
  • SIEMs don’t need more data: they are already ingesting enough to cover a substantial percentage of MITRE ATT&CK techniques.
  • Broken rules are also common, resulting in increased risk of breach due to undetected attacks.
  • Organizations are implementing “detection-in-depth”, but monitoring of containers lags behind.

To help organizations address their detection challenges, the 2023 CardinalOps report also includes a series of best practices to help SOC teams measure and continuously improve the robustness of their detection posture over time.

Download the report to benchmark your SIEM against real-world data from production SIEM deployments.


About CardinalOps:

Founded by security experts with nation-state expertise and led by executives from industry leaders such as Palo Alto Networks, Microsoft Security, and IBM Security, CardinalOps is focused on maximizing the effectiveness and efficiency of your existing security stack. Using automation and MITRE ATT&CK, the CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing SIEM/XDR so you can easily implement a threat-informed defense. What’s more, it improves detection engineering productivity by 10x and drives cost savings by recommending new ways to tune noisy and inefficient queries, reduce logging volume, and eliminate underused tools in your stack. Visit www.cardinalops.com to learn more.