Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage

Feb 23, 2022

The average enterprise SIEM deployment only covers 16% of MITRE ATT&CK.

Only 16% — think about that. That means it misses 84% of adversary techniques.

Why? Log source configuration errors, broken log collectors, missing rules, and noisy rules all contribute to poor detection coverage in the average enterprise.

Learn more by reading this research report, which is based on real-world data from live SIEM instances (Splunk, QRadar, etc.).

About CardinalOps: Our AI-powered platform optimizes detection coverage for your existing SIEM/XDR tools (Splunk, Sentinel, QRadar, etc.). Leveraging crowd-sourced analytics and MITRE ATT&CK, it identifies and recommends missing detection rules based on best practices — plus fixes to broken or noisy rules (missing fields, etc.) — to close the riskiest detection gaps that leave your organization exposed.