Panther Labs surveyed 400 active security practitioners, primarily security analysts and security engineers, to capture the “boots on the ground” perspective of security teams. The goal of the research was to better understand how effective their current tools and processes are, the improvements they recommend making going forward, the challenges they face, and their projections for the future.
The biggest challenge is efficiency. Most respondents say efficiency issues, like time wasted on false positives and a lack of efficient processes, are their biggest challenges today.
Automation would make them more effective. They believe that automating manual tasks would have the greatest impact on making security operations more efficient.
Over the last 12 months, 48% have seen a 3x increase in the number of alerts per day. This is an alarming growth rate, and for teams already stretched thin, this rate of increase exacerbates an already problematic situation.
Over 50% find that at least half of alerts are false positives. Managing a high volume of false positives is contributing to alert fatigue, and impacting security teams’ ability to focus on more high-value tasks.
55% have built their own detection and response tool, but less than half found it to be highly effective. The need to build their own tools likely stems from dissatisfaction with the tools available: when no commercial offering can do the job, teams take on the momentous task of building their own.
“Threat detection and response at modern scale is challenging, no matter how large or experienced your team is,” said Jack Naglieri, CEO of Panther Labs. “The answers provided by our respondents confirm what many security practitioners experience firsthand every day: commercial tools are often not living up to their expectations, but security teams also struggle to build their own internal tooling that can perform as needed.”