Keeping your company secure is as much about detecting and responding to attacks as they occur as it is about preventing attacks before they happen. Given the proliferation and sophistication of malicious entities, organizations must assume that they will be infiltrated and have an effective detection and response strategy. For years, security information and event management/security information management (SIEM) solutions have been the primary tool that security and risk (S&R) professionals have relied on to aggregate information from their enterprise to help identify abnormal behavior that could be evidence of an intrusion. Yet SIEM hasn’t kept pace with the security needs of modern enterprises — it is adequate for compliance but inadequate for incident detection and response. It’s time for S&R professionals to implement a purpose-built technology for incident detection and response: security analytics (SA).
In July 2015, RSA commissioned Forrester Consulting to evaluate how the capabilities of SIEM and security analytics
solutions stack up against the current threat landscape. To do this, Forrester conducted a survey of 180 security and
risk professionals from countries around the world, as well as interviewed security professionals responsible for
security monitoring at their organizations.