Is anyone really surprised by this? The problem is that many SIEMs take a fork-lift to install and a "cast of thousands" to maintain. Most of us don't have the luxury of massive staffs and are just struggling to put out fires and make sure the network is working properly.
'Organisations want to detect suspicious activity but when the IT professionals were asked how much time they normally spend on log-data analysis, the largest group (35%) replied, "none to a few hours per week." As for the rest, 18% didn't know, 11% said one day per week, 2% outsourced this task to a managed security service provider, and 24% defined it as "integrated into normal workflow." The SANS survey report, which notes analysis time overall actually seems down from last year, noted that about 50% of the smaller organisations spent zero to just a few hours analising logs.'