SIEM complexity and cloud visibility put companies at risk
Nearly half of companies are unable to remediate insider threats until after data loss has occurred, a Gurucul survey reveals.
The study found that lack of visibility into anomalous activity, especially in the cloud, and manual SIEM workloads have increased the risk of insider threats for organizations and prevent many from detecting and stopping data exfiltration.
Some of the report’s key findings include:
- 68% of organizations feel vulnerable to insider attacks
- 53% of organizations believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud
- 63% of organizations think that privileged IT users pose the biggest insider security risk to organizations
- Organizations cite lack of resources (31%) and too many false positive alerts (22%) as the biggest hurdles in maximizing the value of SIEM technology
- Only about one third of organizations are able to detect anomalous behavior in NetFlow/packet data (35%), service accounts (39%) and cloud resources (30%)
“Insider threats are not limited to employees. They extend to contractors, supply chain partners, service providers and account compromise attacks that can abuse access to an organization’s assets both on-premise and in the cloud,” said Craig Cooper, COO of Gurucul.
“Lack of visibility and legacy SIEM deployments put companies at risk. Insider threat programs that monitor the behavior of users and devices to detect when they deviate from their baselines using security analytics can provide unmatched detection, risk-based controls and automation.”
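The baseline-then-deviation approach the quote describes, as an added example that is not part of the original article and not Gurucul's own analytics: each account gets a per-account baseline (mean and standard deviation of daily outbound volume over a learning window), the next day is scored as a z-score against that baseline, and accounts with no baseline at all (the "unseen service account or cloud role" case behind the 30%-39% visibility figures) are surfaced separately. The records, the z-score threshold and the standard-deviation floor are constructed assumptions, not survey data.

```python
"""Per-account behavioral baselining with deviation alerts (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from the survey): daily outbound volume in MB
# per account. Days 1-6 form the learning window; day 7 is the day scored.
# cloud-admin-temp is only seen on day 7, i.e. it has no baseline at all.
SAMPLE_RECORDS = (
    [{"day": d, "account": "alice", "kind": "user", "mb_out": v}
     for d, v in enumerate([120, 135, 110, 128, 140, 125, 131], start=1)]
    + [{"day": d, "account": "svc-backup", "kind": "service", "mb_out": v}
       for d, v in enumerate([900, 910, 890, 905, 895, 915, 4800], start=1)]
    + [{"day": d, "account": "bob", "kind": "user", "mb_out": v}
       for d, v in enumerate([60, 55, 70, 65, 58, 62, 640], start=1)]
    + [{"day": 7, "account": "cloud-admin-temp", "kind": "service", "mb_out": 30}]
)

LEARN_DAYS = set(range(1, 7))  # assumed learning window: days 1..6


def build_baselines(records, learn_days):
    """Return {account: (mean, pstdev)} of mb_out over the learning window."""
    series = defaultdict(list)
    for r in records:
        if r["day"] in learn_days:
            series[r["account"]].append(r["mb_out"])
    return {acct: (mean(vals), pstdev(vals)) for acct, vals in series.items()}


def score_day(records, day, baselines, z_threshold=3.0, min_sigma=5.0):
    """Flag accounts whose activity on `day` deviates from their baseline.

    z_threshold and min_sigma are tuning assumptions. The sigma floor keeps a
    very flat baseline (typical of service accounts) from turning a few MB of
    jitter into an alert, which is one lever against false-positive volume.
    Accounts with no baseline are reported as 'first_seen' rather than scored,
    because a brand-new service account or cloud role is itself worth a look.
    """
    alerts = []
    for r in records:
        if r["day"] != day:
            continue
        acct = r["account"]
        if acct not in baselines:
            alerts.append({"account": acct, "kind": r["kind"],
                           "reason": "first_seen", "z": None})
            continue
        mu, sigma = baselines[acct]
        z = (r["mb_out"] - mu) / max(sigma, min_sigma)
        if z > z_threshold:
            alerts.append({"account": acct, "kind": r["kind"],
                           "reason": "volume_deviation", "z": round(z, 1)})
    # Scored deviations first, largest z on top; first-seen accounts after.
    alerts.sort(key=lambda a: (a["z"] is None, -(a["z"] or 0)))
    return alerts


if __name__ == "__main__":
    base = build_baselines(SAMPLE_RECORDS, LEARN_DAYS)
    for alert in score_day(SAMPLE_RECORDS, 7, base):
        print(alert)
```

On the constructed data, alice's day-7 value sits well inside her baseline and produces nothing, while svc-backup and bob both exceed the threshold by a wide margin and cloud-admin-temp is reported as first seen. In practice the baseline window, the threshold and the floor are the parameters that trade detection of slow exfiltration against the alert volume the survey's respondents cite as a hurdle, so they should be tuned per account class rather than set once globally.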