Organizations lack the necessary levels of automation or visibility within their security infrastructure to gather data and give context to security incidents and root out threats hiding in the network, a new study found.
The research illuminates the need for organizations to consolidate security stacks and the need for interoperability and unified platforms, Fidelis Cybersecurity, a Bethesda, Maryland-based threat detection and solutions provider, concluded from the results of its latest State of Threat Detection Report. The problem becomes particularly nettlesome as security stacks grow yet are underused, officials said. Without the proper security framework and tools to smother cybersecurity attacks, organizations increase their risk and erode their confidence.
Read between the lines here, and perhaps there's an opportunity for MSSPs (managed security services providers) to fill the customer gaps with network monitoring and SOAR (security orchestration, automation and response) services, MSSP Alert believes.
Security Research: Survey Findings
Of the 300 CISOs, CIOs, CTOs, architects, engineers, and analysts across the finance, healthcare, public sector, federal industries surveyed, some 57 percent pointed to insufficient automation as a top priority for their organization while roughly 53 percent identified a lack of visibility as a pressing concern.
Other findings:
- 49% of respondents don’t have visibility of their entire cyber terrain.
- 55% don’t have control over blind spots hampering their organization’s ability to identify insider threats.
- Only 7% of all organizations surveyed believe they are using their security stack to its full capability.
- 78% of respondents have or intend to consolidate their security stack.
- More than half of those surveyed do not engage in threat hunting. The top two reasons are a lack of time (49%) or a skills gap (4%).
- 70% believe threat hunting is necessary in today’s cyber landscape.
Additional observations:
- Most organizations are adding more point solutions, dealing with higher levels of network traffic, and working with more connected devices than ever before.
- Typically, this is done in an urgent and reactive manner, without the necessary time and training to understand the full capabilities of the solution or assurance that they full integrate with the security stack for full interoperability.
“Organizations can’t stop their terrain from growing but they can control what they add to their security stacks for their overly burdened security teams,” said Craig Harber, Fidelis CTO. “While there’s still a lot of work to be done, organizations need to take a terrain-based defense strategy – even in how they maintain and build their stacks – to ensure the increased context and visibility required to facilitate detections and overall security posture,” he said.
