The State of
Cybersecurity Data

We surveyed attendees of the 2022 Black Hat conference to find out if and how they’re using enterprise data to solve their biggest cybersecurity challenges. What they told us is pretty damning to status-quo tools.

Here’s what we found out.

Gravwell-Survey Results-Bullseye Icon

Companies worry about what they don’t know and missed alerts

And, after many many years, ransomware still strikes fear in almost a third of respondents.

Gravwell-Survey Results-Star Image

They use a lot of tech
to solve these problems

Gravwell-Survey Results-Bargraph Icon

SIEM continues to be the most-used technology, with EDR a close third.

55%

Security Information and Event Management 
(SIEM)

52%

Extended Detection and Response (XDR)

27%

Extended Detection and Response (XDR)

19%

User and Entity Behavior Analytics (UEBA)

19%

Security Orchestration Automation and Response (SOAR)

16%

Endpoint Detection and Threat Response (EDTR)

14%

Security Data Lake

Gravwell-Survey Results-Atom Icon

Less than half are currently using data science, more are planning on adding it.

Currently Using: 42%

Not Using: 36%

Planning on Using: 19%

No Plans: 3%

But only 14% are using a Security Data Lake.

But only 14% are using a Security Data Lake.

Gravwell-Survey Results-List Icon

Less than half agree that their
SIEM meets their expectations

And nearly a third disagree or still aren’t even using one.
(That could be contributing to the “unknown unknown” and “alert fatigue” concerns above.)

And nearly a third disagree or still aren’t even using one. (That could be contributing to the “unknown unknown” and “alert fatigue” concerns above.)

Gravwell-Survey Results-SIEM Expectations Chart

Why?

19% Too Expensive.

Gravwell-Survey Results-Star Image

Log management
is a mixed-bag

Log management is a mixed-bag

Gravwell-Survey Results-List Sort Down Arrow Icon@2x

And logs that are
collected get dropped…

9%

Very Often

31%

Occasionally

30%

Unaware

30%

Not Dropping

Dropping logs sucks. But why are they doing it??

Why?

30% Too Expensive.

19%

Not Sure What we Don’t Ingest

23%

Technical Limitations

27%

Cross Team Functionality
Gravwell-Survey Results-Gravwell G

They Should Be Using a
Security Data Lake

Though only 14% reported currently using a security data lake today, installing one (like Gravwell) could take care of all these problems!

Gravwell-Survey Results-All-You-Can-Send@2x
Gravwell’s all-you-can-send, no-limits model means you can send everything and keep it!
Gravwell-Survey Results-Simplify Your Tech@2x
Gravwell simplifies your tech stack and increases team efficiency, allowing SecOps teams to focus on security, not on running software.
Gravwell-Survey Results-Beat SIEMs Pricing@2x
Gravwell beats traditional SIEMs on pricing, observability, investigation capability and performance.
Gravwell-Survey Results-Native Automation@2x
Gravwell’s native automation engine lets you integrate with internal and external systems seamlessly (Say, bye-bye, SOAR).

And the great news is that you can get started with

Gravwell’s Community Edition for free!

Gravwell-Survey Results-Get a Demo Image
Ready to make your security team even better? Gravwell is a whole new way to make sense of your data. Get your demo today to see how you can advance your mission without limits.
TOP