How Can SOC Pros Stop More Cyberattacks? (Hint: Automation)
Nearly nine in 10 IT security professionals believe they could have stopped disruptive cyber events were they better armed to respond, recent research from Deepwatch, a managed detection and response (MDR) security provider, found.
Many of the 300 security professionals in the survey group said more automation and less alert noise would shorten response times. Here are some of the study’s key findings:
- 85% of IT security professionals have experienced preventable business impacts resulting from insufficient response procedures.
- 97% said that more accurate alerting would increase their confidence in automating threat response actions.
- Of the 85% of security professionals who reported preventable business impacts from insufficient response procedures, 63% reported blocked access to their systems resulting in downtime, and 47% reported a negative impact on customer experience.
- Almost all (93%) of security professionals are working to reduce response times, and even more (99%) either believe they need more automation or want to learn more about automating security incident response in their organizations.
- Automation would significantly benefit organizations strapped for resources. The research found that 38% of security teams at companies with over 1,000 employees are still not resourced for 24/7 SOC coverage: 30% have SOC coverage during business hours only, and 8% have no SOC at all.
“Traditionally SOCs only existed at the large enterprises, which are well resourced with sophisticated security teams. Now, even smaller organizations recognize the need for 24/7/365 monitoring given today’s threat landscape,” said Wesley Mullins, chief technology officer at Deepwatch. “No one can prevent 100% of threats from entering their environments, so it’s just as important to have mature detection and response programs to stop the threats before they can actually damage the business or stop operations. Automating response and partnering with a trusted provider to manage detection and response are both paths to faster threat containment.”
Deepwatch is a “100 percent channel-through organization,” according to company officials. It provides a security operations platform that MSSPs and MSPs can use to detect, respond to and contain cyberattacks across customer environments. Also, Deepwatch offers a channel partner program for MSSPs and MSPs. The program allows channel partners to use Deepwatch’s platform to deliver managed endpoint detection and response (EDR), vulnerability management and firewall management services.