Report

FINDING THE SIGNAL THROUGH THE NOISE

Pages: 21

This report, produced by Cyentia Institute with Securonix, analyzes more than 54 billion events across 154k+ policies generating about 750k violations per hour to quantify why SIEM signal gets buried in noise. It finds most organizations monitor 7–17 data source types, and for roughly every 6.5–7 additional sources the number of policies doubles, which then drives a steep rise in alerts: doubling policies increases violations per second about 6.1x. Analysts typically adjudicate a tiny fraction of violations, often fewer than 1 in 100,000, and only about 0.8% of policies ever produce a concerning alert. The key takeaway is that tuning the small set of “chatty” policies can meaningfully reduce non-concerning alerts and improve focus.
