Survey Surfaces Need to Change SecOps Priorities

A survey of 250 senior cybersecurity and IT professionals found well over half of respondents (57%) reported that security operations (SecOps) are more chaotic today than two years ago, with 96% planning to reevaluate their priorities.

Conducted by Enterprise Strategy Group on behalf of Anvilogic, a provider of a platform for automating threat detection, the survey identified increasingly complex IT infrastructure (50%) followed closely by increased skills shortages (48%) as the primary culprits.

The major gaps identified by survey respondents included detection (43%), investigation and triage (42%), response (40%) and visibility (38%), the survey found. Two-thirds (66%) of respondents have been breached five times or more in the last 12 months, with 93% being uncertain of the scope of those breaches.

The biggest challenges cited are oversight of cloud security (53%) followed by dependencies on manual processes and insufficient cybersecurity skillsets, each tied at 39%.

The survey also found that a full 83% are relying on increased automation to address those challenges, but 64% either have only one individual or no one dedicated to threat engineering. The survey also found that, on average, an estimated 160 alerts a day are not investigated, even though 86% are collecting more security data than they did two years ago.

Overall, the survey found two-thirds of respondents (66%) are using security information and event management (SIEM) platforms, followed by network detection and response tools (65%), security posture and risk assessment tools (61%), security orchestration, automation and response (SOAR) platforms (60%) and end user behavior analytics tools (60%). The biggest issue organizations will face in the next 12 to 18 months is extending existing platforms in ways that were not originally intended (57%), the survey found.

Anvilogic CEO Karthik Kannan said organizations are constantly trying to strike a balance between cost and securing data. Increased reliance on automation should improve the cost of cybersecurity, but there is an upfront investment in automation required to reduce the total cost of cybersecurity, he added.

Business executives, however, don’t always appreciate the level of complexity that security operations teams encounter now that applications are running everywhere from the cloud to the network edge, noted Kannan.

There’s clearly a desire to reduce the total cost of cybersecurity during uncertain economic times, but achieving that goal can be problematic in an age where cyberattacks against multiple attack surfaces are increasing in both volume and sophistication.

The survey, for example, found 89% of all respondents need a transformational-to-moderate amount of change in their security operations centers to mitigate threats, with more than three-quarters (77%) looking for new ways to engineer detection rules. Well over half (57%) said the amount of work required to design, code, implement and manage their threat detection rules is either overwhelming or challenging, with 86% reporting that updating detection life cycle processes takes a week or more.

It’s not clear right now what the appetite is for additional cybersecurity tools and platforms. Many organizations are reluctant to hire additional employees, so without some form of platform consolidation, there might not be enough personnel to learn how to deploy and master additional cybersecurity tools and platforms.

However, after investing in a wide range of tools and platforms for years, the need to automate processes by leveraging artificial intelligence (AI), for example, is starting to become more apparent. In many cases, those AI platforms will eliminate much of the routine toil that drives turnover seen among cybersecurity teams.

One way or another, the cybersecurity automation conversation will soon come to a head as organizations realize they can’t keep pace with cybercriminals that are increasingly automating attacks against any target available.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
