According to a recent Gartner report, Security Information and Event Management (SIEM) technology was the fastest growing segment of the global security market in 2015, achieving a 15.8 per cent growth in comparison to the previous year. While this is great news for SIEM providers, the most interesting element of this report highlights that the top five security suppliers accounted for 37.6 per cent of the market share, down 3.1 per cent from 2014. At LogPoint, we are pleased to see that the market is being disrupted by the emergence of more niche players offering a specialised and unique service.
The news highlights that, although often seen as a mature market in the enterprise space, SIEM is becoming increasingly recognised as a tool for companies of all sizes, including those that have been put off in the past by perceptions of SIEM as expensive and, frankly, a hassle to install and run. In short, many smaller companies had come to the conclusion that SIEM is a technology provided by big corporate organisations for big corporate organisations – this is not the case, and many are beginning to realise this.
Cybercriminals want your data, so why don’t you?
A problem smaller businesses face on a daily basis, which could explain Gartner’s findings, is that they are an incredibly lucrative target for hackers. This is because many attackers believe there will be a higher rate of return from successful attacks, as smaller businesses often don’t have the required resources to cope with a breach. In comparison, if a hacker were to focus its resources targeting a large enterprise, they often end up empty handed. Cybercriminals will always favour under-protected organisations which perhaps haven’t had the time or resources to install high-tech software portfolios.
Small businesses fit these criteria. According to a recent study, three fifths of UK SMEs are in danger of a security breach , and despite one in five SMEs experiencing a breach in the past year, many still seem ignorant in regards to the effects a breach could have on their business. Diligent cybersecurity practices can protect a company from malware, hackers and rogue employees, and with the proliferation of data available through increased technology usage, there’s a much greater opportunity for hackers to benefit from.
It is this data that hackers are targeting that a SIEM tool can utilise to prove its worth. Hackers are already trying to gain access to this because they recognise its worth, so businesses must realise the value it holds to gain a competitive advantage in their industry. A SIEM system collates and normalises data from various locations within an IT infrastructure – and as most SMEs can create up to 500,000 logs per day, this is a task that would be impossible for a single employee to undertake. In a climate of chronic IT skills shortages, it makes little sense for a highly trained and competent IT professional to spend hours trawling through data logs to search for events, when a SIEM with a well-designed search function can pinpoint a log in seconds.
SIEM: More than just a box-ticking compliance exercise
It is clear that many businesses are failing to realise the full potential of SIEM technology. Our experience tells us that many tend to install SIEM in the first instance as a compliance measure. However, once they begin utilising the system on a daily basis, they begin to realise its true value. The problem is that often, when those who control a company’s purse strings think of SIEM, they often visualise the technology as little more than a ‘box-ticking exercise’.
Perhaps this is understandable, as an increasing amount of data protection regulations, such as the upcoming General Data Protection Regulations (GDPR), mean businesses must act to ensure they are looking after data correctly. The issue this creates is that the value of SIEM in delivering ROI beyond compliance is often overlooked, with perceptions of the technology as too expensive and difficult to use preventing it from garnering any further consideration. In reality, SIEM can extract value from the data companies already hold as well as protecting it, all in a cost-effective and easy to operate manner.
If businesses were to broaden their use of the technology, they would benefit from a greater ROI. An example of this could be as simple as utilising SIEM to monitor a business’ printing needs. Many company printers are leased from external firms, and a SIEM solution can recognise which printers are being utilised and how often. If a certain printer is not being used frequently, for instance, the business can then save money by reducing the number of printers leased.
Niche players mean specialist knowledge and skills
The fall in market share seen by large security suppliers with complex product portfolios is in stark contrast to the smaller niche players that are seeing an increase in market share by offering a more specialised service.
We passionately believe that SIEM doesn’t have to be complicated to install and use, or require armies of highly qualified techies to run. Smaller specialist providers are able to focus on producing clean elegant designs, intuitive search functions, and unmatched big data analytics, all of which are helping businesses utilise the technology beyond traditional compliance purposes.
That is why we feel niche security players with a particular security specialism are beginning to eat into the big player’s market share. SIEM works and it can work for businesses of any size.
Graeme Stewart, Managing Director of LogPoint UK & Ireland