A recent survey by Rapid 7 found that security professionals are struggling to detect and investigate incidents because the monitoring solutions available do not provide visibility into today’s modern IT environments and cannot give users the insight they need to make decisions quickly.
The 2015 Incident Detection and Response Survey found that information security teams are expected to mitigate risk in sprawling environments, where employees are remotely accessing the network, at any time, from any place. The network perimeter has now expanded to include cloud services, mobile devices, and global workforces that encompass partners and contractors, making prevention as the sole security strategy effectively obsolete. Preventative solutions alone cannot protect against many of the most common attack vectors behind breaches, such as phishing and stolen credentials.
In an effort to better monitor their IT environments, security teams are investing further in incident detection and response solutions to detect and contain compromise when it occurs. However, while 55% of organizations say they are using a SIEM (Security Information and Event Management) to aid with incident detection and response, alarmingly, 62% of these organizations report receiving more alerts than they can handle. In addition, SIEMs are not being used to monitor cloud services in use, leaving organizations blind to this important part of modern IT environments.
Additional highlights from the survey include:
•45% of respondents plan to increase spending on incident response programs and solutions
•Only 1/3 of organizations report visibility into cloud services, while 79% of respondents reported allowing the use of at least one cloud service within their organization
•The top three challenges facing security teams today are: (1) no visibility into user risk; (2) more alerts than the security team can handle; and (3) investigations that take too long