Better detection tools, better analysis tools, and more training on how to deal with incident response issues are the top ways to improve the efficiency of the information security staff.
The survey from Enterprise Strategy Group and Intel Security found that security professionals are inundated with security incidents, averaging 78 investigations per organization in the last year, with 28 percent of those incidents involving targeted attacks – one of the most dangerous and potentially damaging forms of cyber-attacks.
According to the IT and security professionals surveyed, better detection tools, better analysis tools, and more training on how to deal with incident response issues are the top ways to improve the efficiency and effectiveness of the information security staff.
“When it comes to incident detection and response, time has an ominous correlation to potential damage,” said Jon Oltsik, senior principal analyst at ESG. “The longer it takes an organization to identify, investigate and respond to a cyber-attack, the more likely it is that their actions won’t be enough to preclude a costly breach of sensitive data.”
Nearly 80 percent of the people surveyed believe the lack of integration and communication between security tools creates bottlenecks and interferes with their ability to detect and respond to security threats. Real-time, comprehensive visibility is especially important for rapid response to targeted attacks, and 37 percent called for tighter integration between security intelligence and IT operations tools.
Security professionals surveyed claim that real-time security visibility suffers from limited understanding of user behavior and network, application and host behavior. While the top four types of data collected are network-related, and 30 percent collect user activity data, it’s clear that data capture isn’t sufficient. Users need more help to contextualize the data to understand what behavior is worrisome.
Users understand they need help to evolve from simply collecting volumes of security event and threat intelligence data to more effectively making sense of the data and using it to detect and assess incidents. Fifty-eight percent said they need better detection tools (such as static and dynamic analysis tools with cloud-based intelligence to analyze files for intent).
People who took the survey admitted to a lack of knowledge of the threat landscape and security investigation skills, suggesting that even better visibility through technical integration or analytical capabilities will be inadequate if incident response teams cannot make sense of the information they see.