Enterprise SIEMs fall short on detecting attacks

Enterprise Security Information and Event Management (SIEM) tools are detecting fewer than five of the top 14 MITRE ATT&CK techniques employed by adversaries in the wild, according to a new report. Analysis by AI-powered detection engineering company CardinalOps also shows SIEMs are missing detections for 80 percent of the complete list of 190+ ATT&CK techniques. Among other gaps in detection coverage the report finds that 15 percent of SIEM rules are broken and will never fire, primarily due to fields that are not extracted correctly or log sources that are not sending the required data. In addition 75 percent of… [Continue Reading]