SIEM and SOAR solutions are important tools in a cybersecurity stack. They gather a wealth of data about potential security incidents throughout your system and store that info for review. But just like nerve endings in the body sending signals, what good are these signals if there is no brain to process, categorize and correlate this information?
A vendor-agnostic XDR (Extended Detection and Response) solution is a necessary component for solving the data overload problem – a “brain” that examines all of the past and present data collected and assigns a collective meaning to the disparate pieces. Without this added layer, organizations are unable to take full advantage of their SIEM and SOAR solutions.
So, how do organizations implement XDR? Read on.
SIEM and SOAR act like nerves
It’s easy for solutions with acronyms to cause confusion. SOAR and SIEM are perfect examples, as they are two very different technologies that often get lumped together. They aren’t the same thing, and they do bring complementary capabilities to the security operations center, but they still don’t completely close the automation gap.
The SIEM is a decades-old solution that uses technology from that era to solve specific problems. At their core, SIEMs are data collection, workflow and rules engines that enable users to sift through alerts and group things together for investigation.
In the last several years, SOAR has been the favorite within the security industry’s marketing landscape. Just as the SIEM runs on rules, the SOAR runs on playbooks. These playbooks let an analyst automate steps in the event detection, enrichment, investigation and remediation process. And just like with SIEM rules, someone has to write and update them.
Because many organizations already have a SIEM, it seemed reasonable for the SOAR providers to start with automating the output from the SIEM tool or security platform console. So: Security controls send alerts to a SIEM > the SIEM uses rules written by the security team to filter down the number of alerts to a much smaller number, usually 1,000,000:1 > SIEM events are sent to the SOAR, where playbooks written by the security team use workflow automation to investigate and respond to the alerts.
SOAR investigation playbooks attempt to contextualize the events with additional data – often the same data that the SIEM has filtered out. Writing these investigation playbooks can occupy your security team for months, and even then, they only cover a few scenarios and automate simple tasks like VirusTotal lookups.
The verdict is that SOARs and SIEMs purport to perform all the actions necessary to automate the screening of alerts, but the technology in itself cannot do this. It requires trained staff to bring forth this capability by writing rules and playbooks.
Coming back to the analogy, this data can be compared to the nerves flowing through the human body. They fire off alerts that something has happened – alerts that mean nothing without a processing system that can gather context and explain what has happened.
Giving the nerves a brain
What the nerves need is a brain that can receive and interpret their signals. An XDR engine, powered by Bayesian reasoning, is a machine-powered brain that can investigate any output from the SIEM or SOAR at speed and scale. This replaces the traditional Boolean logic (that is searching for things that IT teams know to be somewhat suspicious) with a much richer way to reason about the data.
This additional layer of understanding will work out of the box with the products an organization already has in place to provide key correlation and context. For instance, imagine that a malicious act occurs. That malicious act is going to be observed by multiple types of sensors. All of that information needs to be put together, along with the context of the internal systems, the external systems and all of the other things that integrate at that point. This gives the system the information needed to know the who, what, when, where, why and how of the event.
This is what the system’s brain does. It boils all of the data down to: “I see someone bad doing something bad. I have discovered them. And now I am going to manage them out.” What the XDR brain is going to give the IT security team is more accurate, consistent results, fewer false positives and faster investigation times.
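The contrast drawn above between Boolean rules and Bayesian reasoning can be made concrete. The following is an added illustration, not code from the original article or from any XDR product. The signal names, likelihoods, prior, host names and alert stream are all constructed, and the sensors are assumed to be conditionally independent (naive Bayes).

```python
import math
from collections import defaultdict

# Constructed likelihoods per signal:
#   (P(signal | host compromised), P(signal | host benign))
# Illustrative assumptions only, not measurements from any product.
LIKELIHOODS = {
    "edr_unsigned_binary": (0.60, 0.05),
    "proxy_rare_domain":   (0.50, 0.04),
    "auth_offhours_login": (0.40, 0.03),
    "av_pua_detection":    (0.30, 0.20),  # noisy: common on clean hosts too
}

# Assumed base rate of a compromised host in the observation window.
PRIOR = 0.001

# Constructed alert stream: (host, signal). ws-117 repeats one noisy alert.
ALERTS = [
    ("ws-041", "edr_unsigned_binary"),
    ("ws-041", "proxy_rare_domain"),
    ("ws-041", "auth_offhours_login"),
    ("ws-117", "av_pua_detection"),
    ("ws-117", "av_pua_detection"),
    ("ws-117", "av_pua_detection"),
    ("ws-203", "proxy_rare_domain"),
]


def boolean_rule(signals):
    """SIEM-style rule: fire when one 'known suspicious' signal is present."""
    return "av_pua_detection" in signals


def posterior(signals, prior=PRIOR):
    """P(compromised | signals) by summing log-likelihood ratios.

    Each distinct signal is counted once, so a sensor repeating the same
    alert does not inflate the score. Signals without a likelihood entry
    are skipped, and absence of a signal is treated as uninformative.
    """
    log_odds = math.log(prior / (1.0 - prior))
    for signal in set(signals):
        if signal not in LIKELIHOODS:
            continue
        p_mal, p_ben = LIKELIHOODS[signal]
        log_odds += math.log(p_mal / p_ben)
    return 1.0 / (1.0 + math.exp(-log_odds))


def triage(alerts):
    """Group alerts by host and score each host both ways."""
    by_host = defaultdict(list)
    for host, signal in alerts:
        by_host[host].append(signal)
    return {
        host: {
            "posterior": posterior(signals),
            "boolean_rule": boolean_rule(signals),
        }
        for host, signals in by_host.items()
    }


if __name__ == "__main__":
    for host, result in sorted(triage(ALERTS).items()):
        print(f"{host}: posterior={result['posterior']:.4f} "
              f"boolean_rule_fired={result['boolean_rule']}")
```

Three individually weak signals from different sensors push ws-041 to a posterior of roughly 0.67, although the Boolean rule never fires for it. The rule does fire for ws-117, whose repeated noisy alert leaves the posterior close to the prior.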
How to apply an XDR brain
To get started with integrating XDR into your current system, take these three steps:
1. Deploy a solution that is vendor-agnostic and works out of the box. This XDR layer of security doesn’t need playbooks or rules. It changes the foundation of your security program and how your staff do their work. This reduces your commitment in time and budget for security engineering, or at least enables you to redirect it.
2. It has become much easier in the last several years to collect, store and – to some extent – analyze data. In particular, cloud architectures offer simple and cost-effective options for collecting and storing vast quantities of data. For this reason, it’s now possible to turn your sensors all the way up rather than letting in just a small stream of data.
3. Decide which risk reduction projects are critical for the team. Automation should release security professionals from mundane tasks so they can focus on high-value actions that truly reduce risk, like incident response, hunting and tuning security controls. There may also be budget that is freed up for new technology or service purchases.
Reading the signals
To make the most of SOARs and SIEMs, you need XDR – a tool that will take the data collected and add the context needed to turn thousands of alerts into one complete situation that is worth investigating.
The XDR layer is an addition to a company’s cybersecurity strategy that will most effectively use SIEM and SOAR, giving all those nerve signals a genius brain that can sort them out and provide the context needed in today’s cyber threat landscape.
Sitting in the midst of an unstable economy, a continued public health emergency, and facing an uptick in successful cyber attacks, CISOs find themselves needing to enhance their cybersecurity posture while remaining within increasingly scrutinized budgets.
Senior leadership recognizes the value of cybersecurity but understanding how to best allocate financial resources poses an issue for IT professionals and executive teams. As part of justifying a 2021 cybersecurity budget, CISOs need to focus on quick wins, cost-effective SaaS solutions, and effective ROI predictions.
Finding the “quick wins” for your 2021 cybersecurity budget
Cybersecurity, particularly with organizations suffering from technology debt, can be time-consuming. Legacy technologies, including internally designed tools, create security challenges for organizations of all sizes.
The first step to determining the “quick wins” for 2021 lies in reviewing the current IT stack for areas that have become too costly to support. For example, as workforce members moved off-premises during the current public health crisis, many organizations found that their technology debt made this shift difficult. With workers no longer accessing resources from inside the organization’s network, organizations with rigid technology stacks struggled to pivot their work models.
Going forward, remote work appears to be one way through the current health and economic crises. Even major technology leaders who traditionally relied on in-person workforces have moved to remote models through mid-2021, with Salesforce the most recent to announce this decision.
Looking for gaps in security, therefore, should be the first step in any budget analysis. As part of this gap analysis, CISOs can look in the following areas:
- VPN and data encryption
- Data and user access
- Cloud infrastructure security
Each of these areas can provide quick wins if done correctly because as organizations accelerate their digital transformation strategies to match these new workplace situations, they can now leverage cloud-native security solutions.
Adopting SaaS security solutions for accelerating security and year-over-year value
The SaaS-delivered security solution market exploded over the last five to ten years. As organizations moved their mission-critical business operations to the cloud, cybercriminals focused their activities on these resources.
Interestingly, a CNBC article from July 14, 2020 noted that for the first half of 2020, the number of reported data breaches dropped by 33%. Meanwhile, another CNBC article from July 29, 2020 notes that during the first quarter, large scale data breaches increased by 273% compared to the same time period in 2019. Although the data appears conflicting, the Identity Theft Research Center research that informed the July 14th article specifically notes, “This is not expected to be a long-term trend as threat actors are likely to return to more traditional attack patterns to replace and update identity information needed to commit future identity and financial crimes.” In short, rapidly closing security gaps as part of a 2021 cybersecurity budget plan needs to include the fast wins that SaaS-delivered solutions provide.
SaaS security solutions offer two distinct budget wins for CISOs. First, they offer rapid integration into the organization’s IT stack. In some cases, CISOs can get a SaaS tool deployed within a few weeks, in other cases within a few months. Deployment time depends on the complexity of the problem being solved, the type of integrations necessary, and the enterprise’s size. However, in the same way that agile organizations leverage cloud-based business applications, security teams can leverage rapid deployment of cloud-based security solutions.
The second value that SaaS security solutions offer is YoY savings. Subscription models offer budget conscious organizations several distinct value propositions. First, the organization can reduce hardware maintenance costs, including operational costs, upgrade costs, software costs, and servicing costs. Second, SaaS solutions often enable companies to focus on their highest risk assets and then increase their usage in the future. Third, they allow organizations to pivot more effectively because the reduced up-front capital outlay reduces the commitment to the project.
Applying a dollar value to these during the budget justification process might feel difficult, but the right key performance indicators (KPIs) can help establish baseline cost savings estimates.
Choosing the KPIs for effective ROI predictions
During an economic downturn, justifying the cybersecurity budget requests might be increasingly difficult. Most cybersecurity ROI predictions rely on risk evaluations and on applying the probability of a data breach to the projected cost of a data breach. As organizations look to reduce costs to remain financially viable, a “what if” approach may not be as appealing.
However, as part of budgeting, CISOs can look to several value propositions to bolster their spending. Cybersecurity initiatives focus on leveraging resources effectively so that they can ensure the most streamlined process possible while maintaining a robust security program. Aligning purchase KPIs with specific reduced operational costs can help gain buy-in for the solution.
A quick hypothetical can walk through the overarching value of SaaS-based security spending. Continuous monitoring for external facing vulnerabilities is time-consuming and often incorporates inefficiency. Hypothetical numbers based on research indicate:
- A poll of C-level security executives noted that 37% said they received more than 10,000 alerts each month with 52% of those alerts identified as false positives.
- The average security analyst spends ten minutes responding to a single alert.
- The average security analyst makes approximately $91,000 per year.
Bringing this data together shows the value of SaaS-based solutions that reduce the number of false positives:
- Every month enterprise security analysts spend 10 minutes for each of the 5,200 false positives.
- This equates to approximately 866 hours.
- 866 hours, assuming a 40-hour week, is 21.65 weeks.
- Assuming 4 weeks per month, the enterprise needs at least 5 security analysts to manage false positive responses.
- These 5 security analysts cost a total of $455,000 per year in salary, not including bonuses and other benefits.
Although CISOs may not want to reduce their number of team members, they may not want to add additional ones, or they may be seeking to optimize the team they have. Tracking KPIs such as the reduction in false positives per month can provide the type of long-term cost value necessary for other senior executives and the board of directors.
Securing a 2021 cybersecurity budget
While the number of attacks may have stalled during 2020, cybercriminals have not stopped targeting enterprise data. Phishing attacks and malware attacks have moved away from the enterprise network level and now look to infiltrate end-user devices. As organizations continue to pivot their operating models, they need to look for cost-effective ways to secure their sensitive resources and data. However, budget constrictions arising from 2020’s economic instability may make it difficult for CISOs to gain the requisite dollars to continue to apply best security practices.
As organizations start looking toward their 2021 roadmap, CISOs will increasingly need to be specific about not only the costs associated with purchases but also the cost savings that those purchases provide from both data incident risk and operational cost perspectives.
It’s no secret that the current pandemic is causing a major strain on consumers and businesses alike. As the U.S. teeters on the verge of a recession, companies are cutting their spending wherever they can — including in cybersecurity. Gartner estimates that security faces cuts as high as $6.7 billion — an unfortunate outcome, particularly since most organizations are also experiencing an expansion of their attack surface as a result of more people working from home.
In some ways, cuts in security budget aren’t surprising. Security has experienced growing budgets for years, but many security professionals have a hard time explaining to executives and board members what, exactly, they’re getting for the spend. Executives have struggled to understand cyber risk for some time, and in a tough economic environment, security is easier to put on the chopping block if it is perceived as a “tax” on the business.
But while some security programs have become bloated, many don’t necessarily deserve to be cut. Given the gravity of today’s situation, it’s time for security leaders to step in and do what they can to justify spending that bolsters their company’s overall security posture. With the right strategy in place, these leaders can be properly equipped to save their organizations from major monetary losses and damage to their brand reputation.
Speaking the “board member” language
Executives and board members have been known to have their doubts about the ROI of their security investments. Their days are driven by facts and figures — and security performance is too often discussed and evaluated in vague terms (ranging on a scale from low to high) that don’t resonate with leaders.
For senior management to really understand the effectiveness of good security measures, security leaders need to leverage quantitative metrics and share something more concrete to demonstrate the high value a strong security strategy brings. There are many strategic and tactical measurements that security leaders can share with executives and the board that demonstrate the effectiveness of programs and technology deployment. Some common metrics used to demonstrate program effectiveness include tracking the number of malware incidents blocked or the percentage of phishing emails filtered.
But it’s important to balance your own view with that of an independent third party perspective too. Objective, quantitative metrics like security ratings, for example, can be useful in providing comparative analysis and meaningful correlation to security outcomes. The lower the security rating given to the company, the more likely they are to experience a breach — and the more urgent and important it is to deploy the necessary services to avoid a potential disaster. Furthermore, some security ratings are used frequently in insurance underwriting and customer decision making, affirming the importance of understanding that metric at the senior-most level of the organization.
Using a specific kind of metric, security leaders have a better chance of grabbing the C-suite’s attention. The right data has the ability to prove to decision makers just how important security is.
Enabling the remote workforce
Everyone’s business faces challenges from COVID-19, and companies need to focus on enabling their workforce to succeed. Security must recognize that they play a critical role in helping the business during these challenging times, but they can’t just say “no” to everything.
One challenge that many are dealing with right now is enabling the remote workforce. Companies don’t have many options at this point, so workers must be allowed to access the corporate network in their home offices. But we also know that residential IPs account for more than 90% of all observed malware infections, making it much more risky.
Security professionals can help their businesses by developing capabilities that allow for continuous identification of vulnerabilities and infections on IP addresses associated with remote and home offices. Doing so will allow security teams to discover issues quickly, and more effectively manage higher risk remote operating environments. In other words, they’ll be able to ensure no harm comes to their organization while its employees work remotely.
Enabling business partnerships
Another example of how security can enable the business during these challenging times is through more efficient and effective onboarding of new vendors.
When the shift to work from home began months ago, organizations everywhere sought to onboard new vendors like Zoom. But how were they going to effectively perform risk assessments on organizations in hours or days, rather than the 8-12 week time frame that it typically takes to do a third party cyber risk assessment?
By leveraging data and automation, security leaders can transform their third party risk management programs, rapidly assessing and onboarding vendors to ensure that the business can start working with vendors to help achieve their goals. These efforts can actually be better in identifying risk than the typical qualitative, on-site assessment process, which is usually thought of as a snapshot in time. Security professionals shifting their programs can be more responsive to the business and establish a stronger working relationship during challenging times.
The power of benchmarking
Another way to get the C-suite’s attention? Competitive analysis. By benchmarking a company’s security program against competitors, security teams can highlight areas where their programs are performing in line — or out of line — with peers and competitors. In this day and age, no executive or board member wants to be underperforming their industry; but when it comes to cybersecurity, measuring and benchmarking have always been challenging.
Data and analytics now provide security professionals with the ability to quantitatively and objectively measure their programs across a variety of categories — and many security pros effectively use these benchmarks to highlight areas of investment or justify new spend.
The way forward
Right now, security teams are facing an uphill battle as they work to keep their organizations safe and secure. They’re also facing significant budget challenges. It’s up to security leaders to step in and prove that they can combat the current threats their companies face, but with an eye toward cost-optimization and cost-savings.
Using a combination of the above strategies, security leaders have a better shot at justifying security spending during a time when budgets are being slashed. By focusing on measurement, business enablement (including work from home and vendor onboarding), and competitive benchmarking, security leaders can establish greater credibility across the business, in the C-suite, and in the boardroom.
The top 10 enterprise analytics trends to watch in 2020 have been announced by MicroStrategy in collaboration with analysts and influencers from Forrester, IDC, Constellation Research, Ventana Research and others.
Deep learning delivers a competitive advantage
“In 2020, the spotlight on deep learning will be the nexus between knowing and doing. No longer just a buzzword, the pragmatic advent of deep learning to predict and understand human behavior is a tempest disruptor in how companies will perform with intelligence against their competitors.” – Frank J. Bernhard, Chief Data Officer and Author, “SHAPE—Digital Strategy by Data and Analytics”.
AutoML improves the ROI of data science initiatives
“Machine learning is one of the fastest-evolving technologies in recent years, and the demand for development in machine learning has increased exponentially. This rapid growth of machine learning solutions has created a demand for ready-to-use machine learning models that can be used easily and without expert knowledge.” – Marcus Borba, Founder and Principal Consultant, Borba Consulting.
The semantic graph becomes paramount to delivering business value
“The semantic graph will become the backbone supporting data and analytics over a constantly changing data landscape. Organizations not using a semantic graph are at risk of seeing the ROI for analytics plummet due to growing complexity and resulting organizational costs.” – Roxane Edjlali, Senior Director, Product Management, MicroStrategy and former Gartner analyst.
Human insight becomes even more important as data volumes increase
“As more and more knowledge workers become comfortable working with data, they should also become conversant with data ethnography, or the study of what the data relates to, the context in which it was collected, and the understanding that data alone might not give them a complete picture.” – Chandana Gopal, Research Director, IDC.
Next-gen embedded analytics speeds time to insights
“Concise analytics delivered in the context of specific applications and interfaces speed decision making. This style of embedding and the curation of concise, in-context analytics can take more time, but with advances including no-code and low-code development methods, we’re seeing rising adoption of next-generation embedding.” – Doug Henschen, VP and Principal Analyst, Constellation Research.
The need to combine data sources continues to grow
“We expect to see a continued focus on data diversity. Organizations rarely have a single standard platform for their data and analytics and multiple tools are used to access the data. The need to combine these data sources will only continue to grow.” – David Menninger, SVP and Research Director, Ventana Research.
Data-driven upskilling becomes an enterprise requirement
“Enterprise organizations will need to focus their attention not just on recruiting efforts for top analytics talent, but also on education, reskilling, and upskilling for current employees as the need for data-driven decision making increases—and the shortage of talent grows.” – Hugh Owen, Executive Vice President, Worldwide Education, MicroStrategy.
AI is real and ready
“Next year, more of these confident CDAOs and CIOs will see to it that data science teams have what they need in terms of data so that they can spend 70%, 80%, or 90% of their time actually modeling for AI use cases.” – Srividya Sridharan, Mike Gualtieri, J.P. Gownder, Craig Le Clair, Ian Jacobs, Andrew Hogan, Predictions 2020: Artificial Intelligence—It’s Time to Turn the Artificial Into Reality (Checks), Forrester, October 30, 2019.
Mobile intelligence evolves for 2020 and beyond
“Half of organizations will re-examine their use of mobile devices and conclude that their technology does not adequately address the needs of their workers, leading them to examine a new generation of mobile applications that enable a better work experience and far more effective connectivity to the rest of the organization and to customers.” – Mark Smith, CEO and Chief Research Officer, Ventana Research.
The future of experience management is powered by AI
“As apps get decomposed by business process to headless microservices, automation and intelligence will play a big role in creating mass personalization and mass efficiencies at scale. The Intelligent Enterprise will take context and data to power next best actions.” – R “Ray” Wang, Founder and Principal Analyst, Constellation Research.
With the holiday season upon us, it can be all too easy to get swept up in the festivities. As soon as the Halloween hangover starts to finally wear off, you’re already preparing for Thanksgiving, and then it’s Black Friday and Cyber Monday and then there’s Christmas lights and menorahs everywhere and you’re buying presents and plane tickets and… deep breath… calm down… put some Frankie Goes to Hollywood on and just relax. We need to remember that the holidays can actually be a pretty dangerous period for cybersecurity. To riff off Andy Williams, it’s the most vulnerable time of the year.
The Cybersecurity and Infrastructure Security Agency (CISA) recently warned the public of malicious cyber campaigns where bad actors attempt to send emails and e-cards with malware infected links or attachments. A main driver for risk during the holiday season is the spike in online shopping. These days, more and more people are opting to skip the chaos of Black Friday for the safety and comfort of Cyber Monday. While many are worrying about trusting online companies to deliver their gifts on time, a growing number of customers are also worrying about trusting companies to safeguard their personal information.
With over 1,244 million recorded data breaches in 2018 in the United States alone, and more than 446.5 million records becoming exposed, consumers have a right to be concerned. Deloitte recently found that 56% of shoppers feel little to no control over their consumer data and 79% of shoppers are concerned about shopping at retailers with either multiple data breaches or data breaches within the last year.
For those of us managing security operations, this season of heightened risk requires heightened alertness. Not only do more people shop online, but they’re using even more devices than ever to do so. The proliferation of connected devices has led to more vulnerabilities, making our jobs that much more difficult. Fortunately, there are new solutions as well. One trending response has been the adoption of Security Orchestration, Automation and Response (SOAR) platforms as a new category of security tools.
Threat intelligence management
Batman and the Joker, Neo and Agent Smith, stormtroopers and trees – rule number one of dealing with any threat is to know your enemy. Threat intelligence is the knowledge of a threat’s capabilities, infrastructure, motives, goals, and resources. It allows you to identify and contextualize bad actors, and it’s the first requirement for a safe and effective cyber security defense.
SOAR platforms build upon traditional threat intelligence platforms (TIPs) by taking vulnerability and threat data from multiple sources and then enriching that data with threat intelligence. In other words, they aggregate and validate data from a wider range of sources, and then more efficiently integrate it into an intelligence management system. Businesses are striving to keep up with the current threat landscape with a lack of resources, skills and budgets, and an abundance of tedious manual processes. SOAR solutions are improving the efficiency and quality of work for security operations.
Information is useless unless it can be put to action – it just becomes noise. SOAR sifts through the racket to identify attackers’ tactics, techniques and procedures (TTPs), as well as indicators of compromise (IOCs). With proper management of the information, security analysts are better equipped to contextualize incidents, make more well-informed decisions, and accelerate incident response.
The retail industry frequently suffers from vulnerabilities and gaps in coverage. Centralizing threat intelligence and correlating IOCs with your organization’s Priority Intelligence Requirements (PIRs) is crucial for analyzing and responding to the most pertinent vulnerabilities.
There’s a reason people use GUIs instead of text-based interfaces – being able to view information in a more practical and organic way facilitates its usage. Filtering raw data into a more manageable form allows it to be more appropriately aggregated and understood. Like Cypher, you might be able to just see the code, but why would you want to? Analysts’ time is better spent letting the platform do the work for them.
A good SOAR platform presents the data in an easily visualizable manner, allowing security analysts to gain a better understanding of the threats their organizations face. If a retailer invests in curating a cohesive aesthetic for their Instagram profile and followers, shouldn’t they also make sure their security dashboards are just as easy to follow and share with stakeholders? The best platforms have flexible and dynamic dashboarding capabilities, allowing SOC departments to tailor it to their own needs.
What’s more, this aids users by allowing them to tailor it to the needs of others as well. Many in the security industry have long faced the issue of how to illustrate the value that they provide in a concrete way – it can be difficult to explain to others that are less tech savvy what exactly we do. Fortunately, with access to ROI data, tracking, and custom metrics, that value can be made a bit more tactile and apparent. The more effectively we communicate our value, the better it will ultimately be for both our security teams and the companies we work within.
There are days where being in cybersecurity operations feels like a warzone. Bombs are going off all around you, tickets are flying in non-stop, and it’s all you can do to triage as much as you can while trying to keep up. By the end of the day, you and your team are overworked, stressed, and burnt out. Security teams are regularly tasked with fixing all things, all the time, 24/7, without the tools or resources necessary to do so.
An effective SOAR platform helps to deal with this by orchestrating and automating responses. Analysts can employ their knowledge through “playbooks” to automate redundant, tedious, stressful tasks. By working at a higher level, analysts can translate their experience and knowledge into more effective processes and smooth over their workflow. Instead of having to deal with everything on a case-by-case basis, they can leverage their understanding of the relevant threats and indicators to create a steadier day-to-day flow.
The point here is to put the analyst in the captain’s seat, think more Picard, less Data. Just write the playbook and set it on its path – you’ll be humming “Make it So” just in time for the holidays. And if you’re worried about missing critical information while your “Out of Office” message is set, a platform with capabilities to provide instant updates is critical. Team-based notification systems can allow teams to stay in touch even when half the office is taking a “work from home” day after the annual holiday party.
Holiday cybersecurity risks
Security breaches are not only costly for the company’s profits, they are costly for the brand’s reputation. With the holidays approaching, cyber analysts face their most hectic time of the year. Bad actors are seeing green, and the sheer increase in activity will be sure to lead to a concomitant increase in work for cyber analysts. We need to make the best use of our resources to not only relieve security analysts of unnecessary stress, but to arm them with the most efficient way to deal with threats.
The holidays are going to be stressful enough – venturing out of the house in the cold, finding the right presents, helping grandma with her IT problems even though you’re on vacation from your IT job. Why not take some of the edge away by de-stressing our professional lives and letting technology lend a helping hand?
Let this National Computer Security Day not only serve as a reminder of the data you need to protect, but as inspiration for your holiday wish list when searching for new software and platforms now available to help keep privacy protected.
A large percentage of organizations and institutions are moving toward a rigorous, continuous testing model to ensure compliance, a Synack report reveals.
As part of this shift toward continuous testing, organizations are utilizing crowdsourced security testing to achieve regulatory compliance and real security, with adoption expected to increase four-fold in 2020.
With new compliance frameworks such as GDPR and CCPA drastically increasing the cost of a breach, organizations are racing to protect their data. In an increasingly connected, highly regulated and digital world, business leaders and decision makers are turning to outside vendors that can ramp up quickly in a cost effective manner.
As a result, the crowdsourced security testing space – which has already gained credibility for its significantly better ROI than more traditional, less frequent, and less secure methods – has surpassed all estimates and will continue to do so in 2020 and beyond.
“The rapid embrace of crowdsourced security testing has happened because it is proven to work better than traditional security testing methods and addresses the ever growing talent gap within organizations,” said Synack CTO Mark Kuhr.
What is boosting continuous crowdsourced security testing?
The growth in crowdsourced security testing can be attributed to two major trends. The first: rapid development cycles. “Today’s security teams have shorter development cycles and dynamic environments that require rapid deployment and a continuous approach to security testing,” explains Kuhr. This explains the shift towards continuous, crowdsourced security testing for compliance purposes.
“Although we are seeing a move toward a 24/7, 365 security culture at organizations in a wide variety of industries and geographies, there is still ample room for improvement,” said Aisling MacRunnels, Synack’s CMO.
“Our survey found that on average, most security tests are lasting just 20 hours. As the number of cyber incidents continues to increase, it will be imperative for decision makers to implement security testing solutions on a continuous basis with 1500-2000 hours of testing a year.”
Secondly, organizations are looking to crowdsourced security due to tremendous pressure from boards and regulators to remain compliant and secure. Regulatory frameworks and best practices mentioned in the report, including GDPR and HIPAA, are increasingly requiring or recommending an annual or more frequent audit with penetration testing.
The advent of trusted and structured crowdsourced penetration testing solutions builds on that trend by providing the very best of human intelligence with artificial intelligence on a continuous cadence.
“This shift toward continuous crowdsourced security testing will allow organizations and institutions to have the best of both worlds by procuring technology that offers efficient and effective results while fulfilling best practice standards such as NIST 800-53 to meet compliance objectives,” said Kuhr.
In addition to helping identify a set of security and compliance best practices for a diverse set of industries, the report found security testing is becoming part of an organization’s normal routine rather than a once-a-year check of the box focused only on compliance.
44% of organizations and institutions surveyed are performing security tests on a monthly or weekly basis, which suggests they are moving toward the more effective continuous model that crowdsourced solutions enable.
Other key findings
- 63% of organizations agree that the most common use case for external vendors is to identify and reduce vulnerabilities, which is encouraged by different compliance frameworks and best practice standards
- 52% of organizations experience unwanted cost and complexity due to overlap in functionality from using multiple security vendors, which is caused by poor budget allocation and overlap in vendor capabilities
- 32% of compliance testing processes are expensive and difficult to scale, yet crowdsourced security testing solutions provide 147% higher ROI than a typical pen test and may decrease the burden of testing on organizations by reducing signal-noise ratio