New Study Indicates Most Organizations Can't Access Critical Security Data

Lack of Coordination and Measurement of Security Processes Continues to Hamper Effectiveness

Mar 29, 2011, 08:00 ET from SenSage

SAN FRANCISCO, March 29, 2011 /PRNewswire/ -- Many enterprises feel that their security processes are failing to meet their potential due to a lack of coordination, benchmarking, and proactive improvement among the various "silos" of functionality, according to a new survey published today by SenSage Inc., a leading provider of Security Information and Event Management (SIEM) systems. The survey, conducted at the 2011 RSA Conference in San Francisco, polled over 375 show attendees on the effectiveness of five critical security processes, including log management, compliance reporting, real-time monitoring, forensic investigation and incident response.

SenSage has documented the key findings of its survey in an in-depth report released today, The State of Security Information and Event Management Processes: A Survey of Security Professionals' Attitudes About Security Operations, Measurement and Data Analysis.

The survey revealed:

  • More than half of the respondents (53 percent) said that they have no coordination among those five critical security processes, or that they have only "reactive triage" across them.
  • Sixty-five percent of enterprises say that they have no measurement to benchmark the effectiveness of these processes, or that this measurement is inconsistent.
  • More than a third (34 percent) of respondents said that they have no proactive efforts in place to improve the five processes, or that their improvement efforts have been inconsistent.  
  • As a result of this absence of coordination, measurement, and proactivity, most organizations (57 percent) perceive their log management, compliance reporting, real-time monitoring, forensic investigation and incident response processes to be ineffective or "somewhat effective" at best.

The survey also suggests that the security industry is struggling to overcome the "closed data" models of traditional SIEM and log management systems. When asked if they have ever encountered obstacles to data access and analysis while performing their duties as a security professional, "yes" responses outnumbered "no" responses two to one. Security and compliance analysts shared that the leading use cases driving their need for more data and analysis are around:

  • Better understanding of a compliance exception;
  • Determining how a certain metric was changing over time;
  • Greater/faster understanding of a real-time console alert; and
  • Demonstrating security effectiveness to others (e.g., executives).

"The only good news from this survey is that the coordination, measurement, improvement and perceived value of security management processes have all improved incrementally over last year," said Joe Gottlieb, President and CEO of SenSage. "The rest of the news is more daunting. On their own, compliance reports and real-time consoles leave us on edge, knowing that we have a problem but are deprived of the data we need to track it down and solve it. Typical products and practices in these areas lack the historical trending and benchmarking needed to validate explicit levels of effectiveness to peers, stakeholders and customers."

Added Gottlieb, "Many organizations already have the security enforcement technologies they need to build the 'best available' security defense. What they don't have is a method for proactively coordinating and improving the various functions through measurement and analysis, or for benchmarking their success.  The key to gaining coordination and metrics for measuring security effectiveness is to have a common warehouse for storing the data and an intelligent method for analyzing it."

In pursuit of industry-wide progress on Open Security Intelligence, SenSage invites the security community at large, including its customers, partners and other interested parties, to visit the dedicated web portal – - and engage in an open dialogue about the evolution of security event monitoring and analysis.  The Open Security Intelligence community is exploring ways in which open access to security data in SIEM and log management systems may be leveraged to drive enhanced understanding and continuous improvement of information security operations.

"SenSage customers have been enjoying these capabilities for years and are now poised to share data and coordinate their efforts so that the five silos of critical security functionality –log management, compliance reporting, real-time monitoring, forensic investigation and incident response – can begin to operate as a more coherent layer of defense," concluded Gottlieb.

To review the findings of this survey, SenSage is hosting an upcoming webinar, "Breaking Down the Barriers to Security Effectiveness," on Thursday, April 14, 2011 from 10:00-11:00am PT.  This webinar will examine this year's data, highlight changes over the past year and discuss various use cases driving the need for better security data analysis.  An expert panel will identify how organizations can expand their security self-awareness and continuous improvement by: narrowing the filters that analyze their security events; plotting their progress with continuous trend lines; and enhancing their insight through deeper context.  To register for this webinar, please visit:

About Open Security Intelligence

Open Security Intelligence is what the security industry needs from Security Information and Event Management (SIEM) systems. The time has come to turn proprietary security information into versatile security intelligence through open data access and analysis. Security analysts want security data mining. Executives want security dashboards. Risk managers want key risk indicators. And everyone wants root cause analysis and continuous improvement. Business analysts have enjoyed these capabilities for over a decade, thanks to standards-based interoperability between Business Intelligence tools and Business Data Warehouses. Why can't security organizations leverage the same approach? The purpose of this community is to support the industry dialogue necessary to shape the benefits, address the challenges and catalyze the evolution needed to realize the promise of Open Security Intelligence. Join the conversation at

About SenSage

SenSage®, Inc. delivers unified Security Information and Event Management (SIEM) and log management systems that are open to all event data types, scale to petabytes, minimize storage costs and perform sophisticated data analysis. Hundreds of customers worldwide leverage patented Security Intelligence solutions from SenSage to identify, understand and counteract cyber-threats, fraud and compliance violations. SenSage partners include Cerner, Cisco, EMC, McAfee and SAP. For more information, visit or follow us on Twitter: @SenSage.