The vast majority (83%) of cyber security professionals say they are struggling to cope with a near-constant barrage of security alerts and with complex security information and event management (SIEM) tools, according to a report compiled by Dimensional Research on behalf of Sumo Logic, a supplier of security intelligence services.
The 2020 state of SecOps and automation survey drew on input from 427 IT leaders with direct responsibility for security at organisations that had at least 1,000 employees and had made a significant investment in public cloud. It found that 70% had seen the volume of security alerts they receive more than double since 2015, 99% said high alert volumes caused problems for their security teams, and 83% said their staff were experiencing alert fatigue.
“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue,” said Diane Hagglund, principal for Dimensional Research.
“To effectively minimise risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts.
“These findings highlight the challenges security operations centre [SOC] teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”
Sumo Logic said alert overload was just one of a number of challenges facing security professionals on the path to modernising their SOCs, and called for a new approach to SIEM to address them.
Automating more of the security stack, for example, might help. Two-thirds of teams with high levels of automation said they resolved most security alerts the same day, compared with 34% of those with low levels of automation, although the report did not define what constituted a high or low level of automation.
The report did, however, find substantial support for automated security: 94% agreed automation was the best option for dealing with alert overload, 99% thought they would benefit from SIEM automation capabilities specifically, and 84% said they saw advantages in a cloud-native SIEM for cloud or hybrid environments.
“Enterprises are arguably dealing with more data today than ever before and the pain security operations teams are feeling is significant. There’s never been a more important time to ensure IT security operations are up to par,” said Greg Martin, general manager for the security business unit at Sumo Logic.
“Companies need to adopt solutions that let them quickly identify, prioritise and respond to only the most critical warning signals, so that they’re not left drowning in alert overload with no direction,” he said.
The full report can be downloaded, subject to registration, from Sumo Logic’s website.
Read more about SIEM
- SIEM systems aggregate a lot of data across all types of infrastructure. For regular audits, admins should address notification settings, analysis protocols and storage locations.
- Sega Europe’s SOC radically improved its operational efficiency, slashing incident response times with a cloud SIEM service.
- SIEM and SOAR tools are now seen as complementary to each other, but key differences in purpose and features may determine which one you decide to use in your datacentre.