Only 19% of MITRE ATT&CK techniques leveraged by threat actors could be detected by major enterprise security information and event management (SIEM) tools, including those from Microsoft, Splunk, IBM, and Sumo Logic, despite the presence of data that could allow the identification of 87% of such techniques, reports SiliconAngle.
Misconfigured data sources and incomplete fields left 18% of analyzed SIEM rules non-functional, revealed a study from CardinalOps, which attributed SIEM detection gaps to an increasingly expanding attack surface, more sophisticated attack techniques, and persistent use of manual processes. Such findings highlight a substantial disparity between the capabilities and the actual detection coverage of SIEM systems, according to DoControl Senior Product Director Tamir Passi.
"This gap underscores a fundamental challenge for security operations centers worldwide. Fact is, SIEMs are too much of a Swiss army knife. This is why companies should be using purpose-built systems for detection such as SaaS Security Posture Management and Cloud Security Posture Management," Passi added.
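The "misconfigured data sources and incomplete fields" finding is worth seeing concretely: a rule that references a field the collector never populates produces zero matches, which on a dashboard looks like "no attacks" rather than "broken rule". The following is an added example written for this summary, not code from the article, SiliconAngle, or the CardinalOps study; the event schema, field names, rules and sample events are all constructed for illustration, and the MITRE technique IDs are only labels on the rules.

```python
"""Rule-health check for SIEM detection content (added example, constructed data).

Shows why a rule whose required field is never ingested silently stops firing,
and how a per-rule field audit surfaces that gap before an incident does.
"""
from collections import Counter

# Constructed sample events as two collectors might forward them. Both sources
# are mis-mapped: the endpoint source sends "cmdline" instead of the expected
# "process.command_line", and the auth source sends "username" instead of
# "user.name". Values are placeholders, not real telemetry.
SAMPLE_EVENTS = [
    {"source": "endpoint", "event.action": "process_start",
     "process.name": "powershell.exe", "cmdline": "powershell.exe -enc <redacted>"},
    {"source": "endpoint", "event.action": "process_start",
     "process.name": "notepad.exe", "cmdline": "notepad.exe readme.txt"},
    {"source": "auth", "event.action": "logon_failed", "username": "alice", "source.ip": "10.0.0.5"},
    {"source": "auth", "event.action": "logon_failed", "username": "alice", "source.ip": "10.0.0.5"},
    {"source": "auth", "event.action": "logon_failed", "username": "bob", "source.ip": "10.0.0.5"},
]

# Constructed rules: each declares the fields it depends on and a per-event predicate.
RULES = [
    {"name": "Encoded PowerShell command", "technique": "T1059.001",
     "fields": ["process.name", "process.command_line"],
     "match": lambda e: e["process.name"].lower() == "powershell.exe"
                        and "-enc" in e["process.command_line"].lower()},
    {"name": "Failed logon burst per user", "technique": "T1110",
     "fields": ["event.action", "user.name"],
     "match": lambda e: e["event.action"] == "logon_failed"},
    {"name": "Failed logons from one source IP", "technique": "T1110",
     "fields": ["event.action", "source.ip"],
     "match": lambda e: e["event.action"] == "logon_failed"},
]


def has_fields(event, fields):
    """True when every field the rule needs is present on the event."""
    return all(f in event for f in fields)


def evaluate(events, rules):
    """Naive evaluation, as a SIEM does it: events lacking a required field are
    skipped, so a rule over a never-populated field yields 0 hits with no error."""
    hits = Counter()
    for rule in rules:
        hits[rule["name"]] = 0
        for event in events:
            if has_fields(event, rule["fields"]) and rule["match"](event):
                hits[rule["name"]] += 1
    return hits


def audit_rule_health(events, rules):
    """Per rule, list required fields that no ingested event populates.
    A rule with any such field can never fire, regardless of attacker activity."""
    report = {}
    for rule in rules:
        present = {field for event in events for field in event}
        report[rule["name"]] = [f for f in rule["fields"] if f not in present]
    return report


def coverage_summary(events, rules):
    """Count rules that are actually able to fire against the ingested data."""
    health = audit_rule_health(events, rules)
    broken = sum(1 for rule in rules if health[rule["name"]])
    return {"rules": len(rules), "healthy": len(rules) - broken, "broken": broken,
            "broken_pct": round(100 * broken / len(rules)) if rules else 0}


if __name__ == "__main__":
    print("hits:", dict(evaluate(SAMPLE_EVENTS, RULES)))
    print("missing fields:", audit_rule_health(SAMPLE_EVENTS, RULES))
    print("coverage:", coverage_summary(SAMPLE_EVENTS, RULES))
```

Running this, the encoded-PowerShell rule reports zero hits even though a matching event was ingested, and the per-user logon rule likewise never fires; only the audit distinguishes "no activity" from "rule cannot run". Scheduling such a field audit against live ingest (and alerting when a previously healthy rule loses a field) is the kind of automated check the study's "manual processes" point argues for.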