Research Indicates IT Security Needs Of Mid-Sized Organizations Becoming More Sophisticated
RSA, The Security Division of EMC, recently released the results of two new research initiatives that explore log management priorities for mid-sized organizations.
The first survey, conducted by SANS Institute, is a sampling of data from the SANS Sixth Annual Log Management Survey Report focused on small and mid-sized organizations with less than two thousand employees.
This new data ranked security issues highest in criticality for users of log management solutions as compared to regulatory requirements and compliance. The second separate survey of fifty mid-sized organizations, conducted by RSA, offers similar results that security is a primary concern for Security Information and Event Management (SIEM) users.
The SANS survey reports that issues reported are in large part consistent throughout company sizes. However, when breaking down the data, specific to small and mid-sized organizations, the research revealed that almost 80 percent rank detection and prevention highest in criticality.
This research reveals a trend that mid-sized organizations better understand the importance of collecting logs and how they get the best information from what is being collected. The top of mind critical issue is detection and prevention suggesting this segment of users needs their log management solutions to handle more than just compliance and reporting.
Interestingly respondents reported that logs are most useful for forensic analysis and correlation followed by detection and prevention, both at more than 90 percent, suggesting the needs of mid-sized organizations are becoming more sophisticated and they are demanding more value from their log management systems.
"Up until now, compliance to regulations has been a catalyst, enabling log management to grow and mature as never before," said Sam Curry, RSA's chief technologist. "Now that this technology is in place there is the option to better take advantage of some of the more sophisticated Security Information and Event Management (SIEM) tools designed to support the evolving security needs of mid-sized organizations."
"This data suggests that organizations want and need the efficiency of a log management solution to move beyond compliance to security detection, reaction and prevention," said Jerry Shenk, senior analyst at SANS, "as well as to augment effective IT and network operations."
RSA conducted a separate survey of mid-sized organizations to better understand the mid-sized market for log management and SIEM. The results confirm suspicions that security is moving up as a top priority in this market. Respondents surveyed revealed the primary usage for their SIEM solution was for security operations functions at 89 percent compared with 54 percent who cited compliance. Moreover, these survey results reported that as many as 66 percent of those surveyed ranked real-time monitoring as most important when evaluating a SIEM vendor. This research also revealed that more than 75 percent felt real-time monitoring is essential.
"We need a flexible and dynamic solution that allows us to quickly adapt to new security threats," said Paolo Bragadini, SOC Manager, Communication Valley. "Having a SIEM solution that allows us to achieve greater security, without over burdening our analysts with too much data, helps us to better streamline costs."
"Security isn't just about packets and compliance for our team," said Charles Beierle, director of information aecurity at RBFCU. "It's about combining information and context to create intelligence useful for making business decisions. Efficiently capturing those two components from all kinds of disparate sources have made the case for continued SIEM investment."