
Prevention A Higher Priority For Organizations Than Threat Detection, Investigation, And Response: Report


Exabeam, the creator of New-Scale SIEM for advancing security operations, has announced its State of the SIEM survey of 500 U.S. IT security professionals, revealing that 97% feel confident that they are well-equipped with the tools and processes they need to prevent and identify intrusions and/or breaches. However, according to recent security industry reports, 83% of organizations experienced more than one data breach in 2022.

Nearly half (46%) of all respondents operate more than one cloud or on-premises SIEM platform. Among those with SIEM tools, 64% of those who have one platform are very confident they can detect cyberattacks based on adversary behavior alone, while 59% of those with two or more platforms are very confident. In addition, 4% of U.S. security professionals report not using a SIEM platform, and of those respondents, 81% were confident.

However, just 17% of all respondents can see 81–100% of their network. Since many analysts lack full visibility, the likelihood that adversaries are lurking in dark corners grows ever greater.

One reason security teams struggle to prevent breaches is that adversaries are often already in the network, undetected. Despite this reality, 65% still prioritize prevention over detection, investigation, and response as their most important security goal. Just 33% said detection was the highest priority.

Security investments mirror this thinking: nearly three-fourths (71%) spend 21–50% of their security budgets on prevention, while 59% invest the same share in threat detection, investigation, and response (TDIR).

While nearly all respondents are certain they can prevent attacks, this confidence drops when challenged. When asked if they’d feel very confident telling a manager or the board that no adversaries had breached the network at that time, only 62% say yes, leaving more than a third with doubts.

As attacks surge, security jobs become ever more demanding. Some 43% of respondents cited being unable to prevent bad things from happening as the worst part of their job, followed by:

  • Lacking full visibility due to security product integration issues (41%)
  • An inability to centralize and understand the full scope of an event or incident (39%)
  • Being unable to manage the volume of detection alerts, with too many false positives (29%)
  • Not feeling confident that they’ve resolved all problems on the network (29%)