Investing in SIEM: The Pitfalls of Security Provisions | GBAF

Investing in SIEM: The Pitfalls of Security Provisions | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > HOW TO STOP A SECURITY INVESTMENT GOING THE WAY OF JANUARY GYM BURNOUT

HOW TO STOP A SECURITY INVESTMENT GOING THE WAY OF JANUARY GYM BURNOUT

Published by Gbaf News

Posted on January 25, 2017

11 min read

Last updated: January 21, 2026

Electric vehicles sales growth chart illustrating record highs in November 2023 - Global Banking & Finance Review — An infographic depicting the significant growth in global electric vehicle sales for November 2023, highlighting a 32% year-on-year increase, driven primarily by China. This image relates to the article's focus on the competitive landscape of the EV market amidst rising sales figures.

By Henry Bureau, Research Analyst at Countercept by MWR InfoSecurity

As the turn of a new year approaches, so too does the time for gym managers to rub their hands together with glee, watching streams of well-intentioned patrons pour in with wallets in hand, ready to embark on their fitness journey – I did this last year, they say to themselves, but 2017 is the year. We’ve all been there; the feeling of satisfaction for finally getting around to it, feeling fitter and stronger already, we may even have done some research on the routine we want. Those completely new to it may realise that there is much to learn, and so enlist the help of trainers to show them the long and difficult road to fitness.

Henry Bureau

Henry Bureau

We frequently see this same mindset cropping up when it comes to businesses taking the plunge on an investment into their security capabilities. Just as the enthusiasm and excitement of the January gym rush can quickly disappear, contracts for security provisions like SIEM (security information and event management) can follow a similar timeframe.

On day one, I step into the gym following a year of gluttony: I’ve finally put my first footsteps on the road to fitness nirvana, and the coming months may present new challenges, but now I’m equipped to tackle them. With a personal trainer, I can learn and shortcut the pitfalls that those poor, uninformed sloths suffer from. The buyer’s (and runner’s) high is still on at this point.

On the security side, the ink is drying on the contract, and applications are rolling out on the estate. IT managers feel happy that they’ve addressed the security issues facing the company, and any suspicious activity will be logged and investigated.

Over at the gym, I walk into a hall of gleaming machines, brightly coloured mats and foam rollers, treadmills and rowing machines. This is the SIEM: these slick tools can all be used to exercise, and they work – but not without the knowledge counterpart, and not without hard work.

The constant feed of data from a SIEM will flag up false positives, sparking an endless chase of suspicious looking data, like selecting the next exercise machine at random and giving it your all. It works, but how can it be measured? How do I know I’m getting anywhere? That feeling of ‘being on top of security’ is still there, because the SIEM is working, and pushing out reports. At this point it feels like a challenge, but not by any stretch insurmountable.

Fatigue sets in

By day two at the gym though, I’m already fatigued. Feeling tired and sore from yesterday, with the prospect of another long day, will I drag myself out of bed early to do some more work? Compare this with the constant outpour of information from a SIEM, with which dealing becomes an all-consuming, exhausting affair. By the time I’m halfway through the previous night’s alerts, I’m drained, so picking up on that one piece of targeted malware is all the more difficult.

This is an issue facing security analysts worldwide; retaining an experienced and effective workforce in this environment is difficult when the work is repetitive, and throws up so many false positives that it becomes draining and eventually unsustainable. Like the New Year’s resolution-ers, many of these will eventually quit to go elsewhere, feeling exhausted, unstimulated, and without a metric to measure success or progress.

Fast forward to the end of the year, and my contract, I have long stopped using it. Without knowing exactly the problem I was trying to fix, a gym session becomes an exercise in shooting from the hip, picking workouts at random, using different machines, and as a result being unable to measure any progress. ‘Fitness’, like ‘security’, is a vague and nebulous term and equally hard to grasp if not prepared. Without knowing if I am making progress, why continue?

Beating the burn

When it comes to security, it is possible to observe trends and patterns over an extended period, but this is something more effectively delegated to statistical analysis. This is where the log aggregation solution comes in: think of the ability to collate all of the workout routines of every member of one’s gym over the previous year, measure their effectiveness, results, and identify issues both past and future. Those problems which do not map against known previous issues can then be resolved by dedicated trainers, freed from the boring daily grind of helping New Year’s resolution-ers with the same program day in, day out.

This is precisely the advantage of Managed Detection and Response (MDR), which take comprehensive and contextual data outputs, filtering them so that only those which require analyst attention are flagged for further inspection. Analysts can thus use time which would otherwise be occupied researching the same incidents over and again to respond to those which are truly unique and highly suspicious.

This approach is much more focused on achieving results than compliance, and consequently is a specific, tailored security methodology. The fitness analogy would be taking a glossy magazine routine instead of using the experience of dedicated trainers with proven knowledge and expertise.

The objective of good security policy should always be the protection of pre-defined assets from quantifiable and understood threats, which by nature requires in depth knowledge. As a result, we have something of a catch-22 – to have good security practice, one needs experience, but in order to gain experience, one needs to understand good security practice.

This is the concept behind MDR – to use the knowledge of those experienced in the attacker mindset to find advanced and capable individuals or groups. A person with this knowledge is inherently better placed to recognise the actions suggesting advanced threats, because they themselves would take them. Think of the way an athlete would identify issues in their training regime, well before the problems would become apparent to a newbie.

In a year’s time, the most dedicated will still be attending the local gym frequently. Others, this writer included, likely will not. It is well known that having a gym buddy increases your chances of consistent attendance – so what if your gym buddy was a professional athlete? This is the benefit of a managed solution; security of enterprise networks is fundamentally the responsibility of the business, but why not take advantage of the expertise of professional threat hunters, who, like athletes, have cutting edge knowledge at their disposal?

By Henry Bureau, Research Analyst at Countercept by MWR InfoSecurity

As the turn of a new year approaches, so too does the time for gym managers to rub their hands together with glee, watching streams of well-intentioned patrons pour in with wallets in hand, ready to embark on their fitness journey – I did this last year, they say to themselves, but 2017 is the year. We’ve all been there; the feeling of satisfaction for finally getting around to it, feeling fitter and stronger already, we may even have done some research on the routine we want. Those completely new to it may realise that there is much to learn, and so enlist the help of trainers to show them the long and difficult road to fitness.

Henry Bureau

Henry Bureau

We frequently see this same mindset cropping up when it comes to businesses taking the plunge on an investment into their security capabilities. Just as the enthusiasm and excitement of the January gym rush can quickly disappear, contracts for security provisions like SIEM (security information and event management) can follow a similar timeframe.

On day one, I step into the gym following a year of gluttony: I’ve finally put my first footsteps on the road to fitness nirvana, and the coming months may present new challenges, but now I’m equipped to tackle them. With a personal trainer, I can learn and shortcut the pitfalls that those poor, uninformed sloths suffer from. The buyer’s (and runner’s) high is still on at this point.

On the security side, the ink is drying on the contract, and applications are rolling out on the estate. IT managers feel happy that they’ve addressed the security issues facing the company, and any suspicious activity will be logged and investigated.

Over at the gym, I walk into a hall of gleaming machines, brightly coloured mats and foam rollers, treadmills and rowing machines. This is the SIEM: these slick tools can all be used to exercise, and they work – but not without the knowledge counterpart, and not without hard work.

The constant feed of data from a SIEM will flag up false positives, sparking an endless chase of suspicious looking data, like selecting the next exercise machine at random and giving it your all. It works, but how can it be measured? How do I know I’m getting anywhere? That feeling of ‘being on top of security’ is still there, because the SIEM is working, and pushing out reports. At this point it feels like a challenge, but not by any stretch insurmountable.

Fatigue sets in

By day two at the gym though, I’m already fatigued. Feeling tired and sore from yesterday, with the prospect of another long day, will I drag myself out of bed early to do some more work? Compare this with the constant outpour of information from a SIEM, with which dealing becomes an all-consuming, exhausting affair. By the time I’m halfway through the previous night’s alerts, I’m drained, so picking up on that one piece of targeted malware is all the more difficult.

This is an issue facing security analysts worldwide; retaining an experienced and effective workforce in this environment is difficult when the work is repetitive, and throws up so many false positives that it becomes draining and eventually unsustainable. Like the New Year’s resolution-ers, many of these will eventually quit to go elsewhere, feeling exhausted, unstimulated, and without a metric to measure success or progress.

Fast forward to the end of the year, and my contract, I have long stopped using it. Without knowing exactly the problem I was trying to fix, a gym session becomes an exercise in shooting from the hip, picking workouts at random, using different machines, and as a result being unable to measure any progress. ‘Fitness’, like ‘security’, is a vague and nebulous term and equally hard to grasp if not prepared. Without knowing if I am making progress, why continue?

Beating the burn

When it comes to security, it is possible to observe trends and patterns over an extended period, but this is something more effectively delegated to statistical analysis. This is where the log aggregation solution comes in: think of the ability to collate all of the workout routines of every member of one’s gym over the previous year, measure their effectiveness, results, and identify issues both past and future. Those problems which do not map against known previous issues can then be resolved by dedicated trainers, freed from the boring daily grind of helping New Year’s resolution-ers with the same program day in, day out.

This is precisely the advantage of Managed Detection and Response (MDR), which take comprehensive and contextual data outputs, filtering them so that only those which require analyst attention are flagged for further inspection. Analysts can thus use time which would otherwise be occupied researching the same incidents over and again to respond to those which are truly unique and highly suspicious.

This approach is much more focused on achieving results than compliance, and consequently is a specific, tailored security methodology. The fitness analogy would be taking a glossy magazine routine instead of using the experience of dedicated trainers with proven knowledge and expertise.

The objective of good security policy should always be the protection of pre-defined assets from quantifiable and understood threats, which by nature requires in depth knowledge. As a result, we have something of a catch-22 – to have good security practice, one needs experience, but in order to gain experience, one needs to understand good security practice.

This is the concept behind MDR – to use the knowledge of those experienced in the attacker mindset to find advanced and capable individuals or groups. A person with this knowledge is inherently better placed to recognise the actions suggesting advanced threats, because they themselves would take them. Think of the way an athlete would identify issues in their training regime, well before the problems would become apparent to a newbie.

In a year’s time, the most dedicated will still be attending the local gym frequently. Others, this writer included, likely will not. It is well known that having a gym buddy increases your chances of consistent attendance – so what if your gym buddy was a professional athlete? This is the benefit of a managed solution; security of enterprise networks is fundamentally the responsibility of the business, but why not take advantage of the expertise of professional threat hunters, who, like athletes, have cutting edge knowledge at their disposal?