Security alerts more than doubled in the last 5 years, SecOps teams admit they can’t get to them all
Sumo Logic announced the findings of a global survey that highlight the barriers security professionals are facing on the path to modernizing the security operations center (SOC).
High volume of security alerts
The struggle to effectively manage high volumes of security alerts and the complexities associated with traditional SIEMs are driving the demand for a new approach to effectively address challenges in the SOC through cloud-native SIEMs combined with security automation capabilities.
“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue. To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts,” said Diane Hagglund, principal for Dimensional Research.
“These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”
The study reveals that managing the sheer volume of these alerts poses a significant problem for IT security professionals. Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.
Security alert volumes create problems for security operations
- 70% have more than doubled the volume of security alerts in the past five years
- 99% report high volumes of alerts cause problems for IT security teams
- 83% say their security staff experiences “alert fatigue”
Automation helps, but it is still a work in progress
- 65% of teams with high levels of automation resolve most security alerts the same day compared to only 34% of those with low levels of automation
- 92% agree automation is the best solution for dealing with large volumes of alerts
- 75% report they would need three or more additional security analysts to address all alerts the same day
Better technology is needed to manage security alert volumes
- 88% face challenges with their current SIEM
- 84% see many advantages in a cloud-native SIEM for cloud or hybrid environments
- 99% would benefit from additional SIEM automation capabilities
“Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. There’s never been a more important time to ensure IT security operations are up to par,” said Greg Martin, general manager for the security business unit at Sumo Logic.
“Companies need to adopt solutions that let them quickly identify, prioritize and respond to only the most critical warning signals, so that they’re not left drowning in alert overload with no direction.”
While companies continue to invest in teams of data experts, a Fivetran survey suggests that adding more data analytics wizards might not be the solution. In fact, the survey found that during the course of a workday, data analysts spend less than half their time actually analyzing data.
Conducted by Dimensional Research, the online survey of approximately 500 data professionals across five continents also shows 68 percent of the respondents have ideas that would drive more profit for their organizations but lack time to implement them.
The struggles of data professionals
More than 60 percent of respondents reported wasting time waiting for engineering resources several times each month and often spending one-third of every workday just trying to access data. 90 percent said their work was slowed by numerous unreliable data sources over the last 12 months.
“The struggles data professionals face in simply doing their work and the time they waste is astounding,” said George Fraser, CEO of Fivetran.
“To keep critical analytics projects moving, these unsung heroes contend with numerous workarounds to compensate for unavailable engineering resources and unreliable data sources. Fivetran ready-to-use connectors help remove some of these bottlenecks and allow analysts to instead focus on uncovering insights.”
As enterprises strive to optimize decision-making in a rapidly evolving global economic landscape, the study indicates that enabling analysts to spend more time analyzing and less time finding, fixing and stabilizing data will drive better decisions and increased profits.
Much of the problem lies in data integrity, quality and access — the top three challenges almost unanimously pointed to by the survey respondents.
- 71 percent of companies plan to hire more data analysts within the next year
- 74 percent of companies will grow business intelligence users in the same time period
- At the same time, 86 percent struggle with working with out-of-date data
- 41 percent report they had used data that was two months old or older
- 60 percent deal with frequently changing data schemas
- 92 percent state they often need to perform tasks outside their role
Many organizations across the globe fall short of effectively managing access for third-party users, exposing them to significant vulnerabilities, breaches and other security risks, One Identity reveals. Most organizations grant third-party users access to their network Based on a Dimensional Research-conducted survey of more than 1,000 IT security professionals, the research evaluates organizations’ approaches to identity and access management (IAM) and privileged access management (PAM), including how they apply to third-party users – from vendors … More
The post Do third-party users follow security best practices and policies? appeared first on Help Net Security.