We are only a few months into 2017, and cybersecurity issues continue to occupy news headlines. “America has a ‘cybersecurity crisis,’” says CNBC. “Does Cyber Security Have An Operational Excellence Problem?” asks Forbes. It is no surprise, really. After all, hacks, breaches, and security stories have provided some of the biggest mainstream news items for several years. If these issues are worrying the mainstream, there is no doubt they consume industry leaders.
New Research Says Volume is a Problem
Security operations leaders are beginning to implement their priorities in the hope of addressing a number of challenges being echoed throughout the industry. What sorts of challenges? New ESG research of cybersecurity professionals, commissioned by Siemplify, shows that the top security challenge, voiced by a whopping 35% of respondents, is managing the immense volume of security alerts their analysts face each day.
Following closely behind in second place, 29% of respondents cited challenges around security operations tools failing to integrate smoothly into their security operations.
Security Orchestration and Automation is the Key
To put this in context, when asked specifically about the top security operations priorities for 2017, respondents planned to invest in processes and technologies to automate security operations activities related directly to incident response; this was the most frequently cited response in the research. Other high-level priorities involved investments in new threat detection tools and the need to create a security operations technology architecture that integrates multiple point tools.
The message being communicated by security professionals is clear, but, in truth, it is not necessarily an epiphany. Analysts are inundated with security alerts. We know this. More troubling, the task of piecing together disparate security tools is much easier said than done, potentially letting crucial threats slip through the cracks.
Ignoring Important Security Alerts?
It is critical to remember that, as months pass by and priorities are not implemented, alerts will continue to grow, analysts will be strained, and threats will evolve. Some might say a tipping point feels alarmingly close. When respondents were asked if their organizations had ever ignored alerts due to the sheer volume – even ones they believed should be investigated further – 54% confirmed that yes, potentially important alerts had been ignored due to bandwidth issues.
That is more than just troubling; it is a call to action.