Ponemon Institute Reveals Security Teams Spend Approximately 25 Percent of Their Time Chasing False Positives; Response Times Stymied by Legacy Tools - Exabeam

August 01, 2019


Research indicates an urgent need for newer SIEM technologies that increase SOC analyst productivity and improve security effectiveness as U.S. enterprises struggle to respond to nearly 4,000 alerts per week

SAN MATEO, Calif., Aug. 1, 2019 – Today Exabeam, the Smarter SIEM™ company, and the Ponemon Institute announced joint research revealing that, on average, security personnel in U.S. enterprises waste approximately 25 percent of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous. The report also highlighted the need for security operations center (SOC) productivity improvements, citing that security teams must evaluate and respond to nearly 4,000 security alerts per week.

The persistent struggle to improve productivity revealed the need for newer security information and event management (SIEM) technologies such as user and entity behavior analytics (UEBA) and security orchestration, automation and response (SOAR). While the study found that chasing false positives is the most time-consuming task for security teams, it also showed that 1) investigating actionable intelligence and building incident timelines and 2) cleaning, fixing and/or patching networks, applications and devices resulting from an incident each take over 15 percent of a security team’s time. These inefficiencies can stymie response times to cyberattacks, leaving organizations vulnerable to data and financial losses for longer periods.

However, the report found that modern SIEM technologies such as UEBA and SOAR can significantly improve productivity. Exabeam was able to reduce total time spent by enterprises on security tasks by 51 percent. Other SIEM solutions were only able to reduce the total time by less than a third (31 percent).

SIEMs are central to SOC cybersecurity: they collect logs and data from multiple network sources so that network events can be evaluated, analyzed and correlated for threat detection. Modern SIEMs are more effective because they leverage machine learning and behavior analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools like intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context for how attackers think and work, and what they are after.

“Our research determined that SIEMs, Exabeam’s in particular, save time, increase productivity and improve security effectiveness for security teams,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Exabeam provides enterprise security teams with the gift of time through a compelling user-based pricing model and modern features like behavioral analytics, machine-built timelines, automated incident response playbooks, and use case-specific content such as parsers, rules, models, playbooks and reports.”

The report further highlights that security operations teams are underwater. In approximately 80 percent of companies, SIEM solutions do not help reduce headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates. This is especially important considering that one-third of respondents to the Exabeam 2019 State of the SOC Report reported being understaffed, with the most common shortage being 6-10 employees.

Exabeam’s SIEM Helps Drive Value and Improve Effectiveness

A principal reason that organizations are seeing value from SIEM investments in a short period of time is the improvement in IT security team effectiveness. According to the study, 92 percent of Exabeam respondents were able to see its value within a week after deployment versus 53 percent of users of other SIEM solutions.

Additionally, Exabeam users are significantly improving the effectiveness of their security operations, with 95 percent of Exabeam respondents saying it is an effective solution for detection and investigation. Specifically, Exabeam effectively prioritizes alerts, allowing analysts to investigate 83 percent of daily alerts versus 45 percent for other SIEMs. Eighty-five percent of respondents also say that Exabeam is effective at reducing false positives, with mistaken alerts happening only 10 percent of the time, compared to 33 percent for other SIEMs.

Reduction of operational costs is equally impressive. Ninety percent of Exabeam respondents say Exabeam is highly effective at reducing the operational costs associated with using a SIEM for detection and investigation. This is twice as many as respondents whose organizations use other SIEM solutions. Similarly, Exabeam is able to reduce the number of security point products and the need to buy professional services.

“This study is further proof that Exabeam’s SIEM technology is far better at boosting the efficiency and effectiveness of SOC analysts and improving an enterprise’s overall security posture,” said Trevor Daughney, VP, Product Marketing at Exabeam.

The Ponemon survey, sponsored by Exabeam, sought the opinions of 596 experienced IT and IT security practitioners in the United States. All respondents were familiar with their organization’s SIEM deployment and involved in the detection, investigation and/or remediation of security threats inside its network. Among those respondents, a subsample included 42 Exabeam customers.

To learn more about Exabeam’s SIEM and threat intelligence solutions, visit www.exabeam.com. To read the full Ponemon Institute report, “Exabeam SIEM Productivity Study,” click here.

About Exabeam

Exabeam is the Smarter SIEM™ company. We empower enterprises to detect, investigate and respond to cyberattacks more efficiently so their security operations and insider threat teams can work smarter. Security organizations no longer have to live with excessive logging fees, missed distributed attacks and unknown threats, or manual investigations and remediation. With the modular Exabeam Security Management Platform, analysts can collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response, both on-premises or in the cloud. Exabeam Smart Timelines, sequences of user and device behavior created using machine learning, further reduce the time and specialization required to detect attacker tactics, techniques and procedures. For more information, visit https://www.exabeam.com.

Exabeam, the Exabeam logo, Smarter SIEM, Smart Timelines and Security Management Platform are service marks, trademarks or registered marks of Exabeam, Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Exabeam, Inc. All rights reserved.

Press Contacts:

Touchdown PR
Emily Gallagher/Alyssa Pallotti