Only 43% of security pros can respond to critical alerts in less than an hour
Deepwatch released the State of the Modern SOC report, which found that most IT security professionals believe they could have stopped business impacting cyber events if equipped with better response capabilities. Many seek more automation and less alert noise to shorten response times.
The report found that 85% of IT security professionals have experienced preventable business impacts resulting from insufficient response procedures, while 97% said that more accurate alerting would increase their confidence in automating threat response actions. More than 300 security professionals, working at U.S. organizations with 1,000 or more employees, were surveyed by Dimensional Research for this report.
“Stronger detection paves the way for trustworthy automated response and fast, effective containment of cyber threats,” said Wesley Mullins, CTO at Deepwatch. “Modern security operations centers (SOCs) should be equipped with high-fidelity alerts, that include proper contextualization and correlation to provide as clear of a picture of the threat as possible. Not only does that enable analysts to work better, but it also unlocks the ability to implement automated response actions that stop threats with speed and precision. The key is confidence in the detection.”
93% of security professionals are working to reduce response times, and 99% either believe they need more automation or want to learn more about automating security incident response in their organizations. Automation would significantly benefit organizations strapped for resources. The research found that 38% of security teams for companies with over 1000 employees are still not resourced for 24/7 SOC coverage; of that, 30% have SOC coverage during business hours only, and 8% have no SOC.
“Traditionally SOCs only existed at the large enterprises, which are well resourced with sophisticated security teams. Now, even smaller organizations recognize the need for 24/7/365 monitoring given today’s threat landscape,” said Mullins. “Unfortunately, threat actors don’t respect business hours and can cause harm to any organization, anywhere in the world, including unintended targets.”
Of the 85% of security professionals that reported preventable business impacts insufficient response, 63% reported consequences of blocked access to their systems resulting in downtime, and 47% reported a negative impact on customer experience.
Mullins added: “With the rise of ransomware and attacks on critical infrastructure, we all know that cyber incidents can have highly disruptive impacts on operations. That can certainly cost a business internal productivity and revenue, but in the case of critical infrastructure, these attacks can have much more troubling consequences. No one can prevent 100% of threats from entering their environments, so it’s just as important to have mature detection and response programs to stop the threats before they can actually damage the business or stop operations. Automating response and partnering with a trusted provider to manage detection and response are both paths to faster threat containment.”