Siemplify and ESG Research Finds Majority of Organizations Forced to Ignore Important Alerts

Joint research with Enterprise Security Group reveals security leaders’ top challenges and their broader implications for security operations

NEW YORK--Siemplify™, the leader in security orchestration and incident response, today announced the release of a new Enterprise Security Group (ESG) Research Report. In early 2017, ESG and Siemplify launched a joint research effort to better understand the complex challenges and priorities that security operations leaders are navigating this year.

Surveying 150 cybersecurity professionals across a variety of verticals, the extensive study sheds new light on the growing needs of security operations. Although organizations have invested in and deployed more detection systems, they now need to shift their focus to achieving efficient and rapid response times; the data make clear that manual and unstructured triage and response processes are one of the main factors hampering efficient response. Organizations are furthermore overwhelmed by the volume of security alert data and also struggle with the cybersecurity industry's ongoing staff and skill shortage.

Key findings of the joint research:

  • Data suggest growing challenges in how security operations are organized, in alert volumes and in the availability of skilled personnel:
    • More than half of the organizations surveyed (54%) knowingly ignore important alerts, unable to keep up with the sheer volume of incoming threats.
    • More than 80% of organizations claim they do not consistently have the right size security staff with a proper skillset.
  • Major challenges were cited around the inability to integrate diverse sets of security tools:
    • A majority (68%) of organizations are utilizing too many systems to manage, investigate and respond to security threats.
    • 29% of cybersecurity professionals say that integrating these existing security tools is at the top of their priority tasks for security operations teams.
    • As a result, it is not surprising that gathering basic data relevant to an alert (or attack) and analyzing log repositories is cited as the most time-consuming task for security operations teams.
  • Security leaders, in response to these and other challenges, say they increasingly look to security orchestration for relief:
    • Fully 95% of respondents recognize the value of being able to consolidate and contextualize alerts, e.g. grouping separate alerts related to the same incident or cluster across timeframe, source, event, etc.
    • A staggering 96% of respondents have security orchestration projects underway or are contemplating launching such initiatives.
    • 74% of security organizations will be increasing their spending on security operations over the next two years.

“We believe the industry is at a tipping point. The rapidly changing digital landscape subjects organizations to vastly different threat profiles and challenges them to reexamine their response. Security leaders understand that changes to their dispersed systems are inevitable and that simply ramping up staff numbers will not provide a solution,” said Amos Stern, Siemplify Co-Founder and CEO.

As organizations look to respond, the data suggest they have started to actively embrace security orchestration, which acts as a centralized hub for security analysts to manage, streamline and automate threat response. This significantly improves efficiency, drives consistency in response and reduces dependence on inconsistent manual processes. Ultimately, effective orchestration aims to provide analysts with a "workbench" for efficiently addressing all types of threats, leveraging both machine-driven and analyst-led response.

“It is no wonder why CISOs are turning to security orchestration,” said Jon Oltsik, Principal Analyst at Enterprise Strategy Group. “As more and more organizations hit a critical mass of alerts while at the same time suffering from a lack of security staff to respond to them, security leaders need tools to maximize their existing security operations without adding headcount.”

For an in-depth analysis of the research, SANS will be featuring the ESG Research Report in an exclusive webinar. Register here.

Download a copy of the ESG 2017 Security Operations, Challenges, and Strategies report.

About ThreatNexus

Siemplify ThreatNexus is an integrated security orchestration platform designed for security teams to manage, investigate, and automate threat response from a single pane of glass. As the primary workbench for analysts, ThreatNexus provides the playbooks to drive consistency throughout the threat management process, delivering measurable ROI. Built atop a proprietary graph architecture leveraging patented cyber ontology, ThreatNexus provides the context necessary to understand the complete threat storyline. ThreatNexus is the only comprehensive security orchestration platform to provide the full spectrum of case management, automation, and investigation, giving analysts the ultimate balance of machine-driven and analyst-led response. For more information about Siemplify, please visit www.siemplify.co and follow @Siemplify, LinkedIn/Siemplify and Facebook/Siemplify.

Siemplify and ThreatNexus are trademarks of Cyarx Technologies Ltd.

Contacts

Siemplify
Leonard Navarro
leonard@siemplify.co

Release Summary

Siemplify, the leader in security orchestration and incident response, today announced the release of a new Enterprise Security Group (ESG) Research Report on the needs of security operations.