DFLabs (www.dflabs.com), which specializes in security automation and orchestration technology, has announced new research from Enterprise Strategy Group (ESG), commissioned by DFLabs and other technology vendors, which shows that when it comes to the evolution of Cybersecurity Analytics and Operations, 71% of respondent organizations find it more difficult today than it was two years ago due to the changing threat landscape, followed by volume of alerts and increased regulatory changes.
“Despite businesses making it a priority, there is great confusion on how to make sense of and integrate security analytics and operations. Most organizations are dealing with 10 to 25 technologies ranging from SIEMs, vulnerability assessment, endpoint detection, threat intelligence and user behavior to incident response. They are challenged with the total cost of operations and spending too much time on emergency issues,” said Jon Oltsik, senior principal analyst, ESG.
This need for strategy and process improvements is why purchasing security operations tools designed to help organizations automate and orchestrate security operations processes was cited as the second highest priority respondent organizations will take over the next two years. The majority (90%) of respondent organizations are planning to deploy, or have somehow deployed, technologies designed for automation and orchestration. The research also revealed that automation is a higher priority (66%) than orchestration (31%) - pointing to the need for a maturity model to guide security operations centers (SOCs) and cybersecurity professionals on their journey.
“There is a lot of hype but these are not turnkey solutions,” Oltsik said. “Most organizations start by employing automation to the most time-consuming low-level tasks, such as integrating external with internal IOCs; whereas orchestration, such as building a run book, requires more thought and planning and attention. We found a great need for a ‘guided’ approach to full automation and orchestration.”
Finally, the survey found a shift in focus from threat detection to incident response. Eighty-six percent (86%) of respondent organizations are currently using or plan to use an incident response platform while 92% have deployed, plan to deploy or are interested in deploying machine learning technology to support automation and orchestration - with accelerating incident response as a top driver.
“This research validates our vision for Supervised Active Intelligence (SAI). By giving customers a path from machine-to-human to machine-to-machine operations, we gradually guide them on the maturity curve to full automation and orchestration - without losing the element of human control,” said Dario Forte, CEO, DFLabs. “Based upon an innovative machine learning and incident correlation engine, DFLabs offers a force multiplier solution that helps security operations and incident response teams quickly orchestrate the triage, containment, reporting, and remediation of data breaches and other cyber incidents.”
Surveying 412 IT professionals and cybersecurity professionals across a broad range of industry verticals, the multi-client research, titled “Next Generation Cybersecurity Analytics and Operations Survey,” seeks to better understand the evolution of the market including requirements, skills, challenges, and technology adoption plans.
Other key highlights include:
• Eighty-one percent strongly agree or agree that improving security analytics and operations is a high priority.
• Seventy-eight percent strongly agree or agree that they have a formal plan and funding to improve security analytics and operations.
• Seventy-two percent strongly agree or agree that business management is pressuring the cybersecurity team to improve security analytics and operations.
• Eighty-two percent will increase spending in security analytics and operations.