Why do SIEM solutions suck?

The purpose of this survey is to get real IT and IT Security professionals to answer exactly what they don't like about SIEM solutions. This is NOT a sales pitch, or some corny attempt to collect email addresses by a vendor. We actually want to know what you think.

* 1. SIEM solutions don't provide enough value for the high cost

* 2. A SIEM does essentially nothing out of the box on its own. Of course, an organization can buy a preconfigured SIEM at extra cost, but these preconfigured SIEMs are often distractingly noisy and devoid of context. Furthermore, a preconfigured SIEM almost certainly isn’t—and really can’t be—tailored to the unique threat model, maturity, and needs of an organization.

* 3. Configuring their SIEM for your organization is extremely difficult, and just using the SIEM solution can be challenging. Something as seemingly simple as locating data in the SIEM solution can be a nightmare.

* 4. SIEM solutions generate too much “noise data.” Alert fatigue is a real problem. 

* 5. Most SIEM solutions simply aggregate system logs and merely alert analysts when something bad may have happened. They often lack context and actionable data, which can leave analysts wondering how to respond to an alert from their SIEM.

* 6. The SIEM solutions' reports are difficult to understand and often have to be dumbed down for management to understand them.

* 7. Consumption-rate-based pricing models lead to unexpected costs down the line. Collecting, storing, and analyzing security events are tasks that seem relatively simple. However, collecting and storing events, running compliance reports, applying patches, and analyzing all security events occurring on a company’s network are not trivial: they involve the size of storage media, computing power for information processing, the integration time of security equipment, setting up alerts, and a lot more. The initial investment can be in the hundreds of thousands of dollars, to which annual support must be added.

In addition, hardware and software licenses account for one-third of SIEM costs.

* 8. Next-generation SIEMs do not excite me. They are better but still don't solve the core problems. Integration of CASB, EDR, UEBA, and SOAR doesn't look very promising.

* 9. Do you think a cloud native solution will be able to address some of the issues outlined in this survey?

* 10. Do you want to help by continuing to provide feedback on SIEM solution issues?
