A wasted investment is the last thing any organization needs, yet the cost of a cybersecurity solution doesn’t necessarily equate to value. Consider Security Information and Event Management, or SIEM tools for example. Dark Reading points out that the tool itself is not the key factor in the effectiveness – it must be properly configured with the logs from devices that will provide the data needed to provide visibility into what is happening on the network, from firewalls and edge devices to Active Directory accounts and endpoints.
Next, the SIEM quickly becomes useless if the business rules to trigger events are not tuned to the specific environment. You don’t want so many false positives that your staff doesn’t pay attention to a warning that could stop a compromise, so the tuning needs to be ongoing. Target and Yahoo are two well documented examples of not making use of the data in their SIEMs to catch breach activity.
Finally as relates to the SIEM, the investment is wasted if no one is watching the logs, correlating the data, and providing real-time analysis and response. Imagine a physical security alarm system sending a break-in signal with no one at ADT to see the alarm and dispatch the police for response. The investment in the alarm system does not provide any value in this scenario, yet we see this play out with SIEM tools all the time. Many organizations find a Managed Security Service Provider (MSSP) to be a better fit than a SIEM tool if they don’t have the resources to make the most of this investment.