Palo Alto Networks SecOps white paper – executive summary

Utilising GenAI and machine learning helps with operational deployment at scale. Previously among the top five KPIs, this is now something SecOps teams report as delivering “more efficient threat detection and response” in key areas: 

  • Extended detection and response (XDR) 
  • Security information and event management (SIEM) 
  • GenAI engineering added to these platforms, improving operational efficiency 

To gain further insights into these mega-trends and other developments in the security operations space, TechTarget’s Enterprise Strategy Group surveyed 366 IT and cybersecurity professionals at large midmarket and enterprise organizations in North America (US and Canada) involved with security operations technology and processes. 

The top 6 SecOps challenges were: 

  1. Monitoring security across a growing and changing attack surface (42%) 
  2. Managing too many disconnected point tools for security analytics and operations, making it difficult to piece together a holistic strategy and investigate complex threats (33%). However, more than half (55%) of organizations report that consolidation efforts are streamlining the management and operations of the many security tools and processes in use. 
  3. Operationalising cyberthreat intelligence (33%) 
  4. Spending too much time on high-priority or emergency issues and not enough time on strategy and process improvement (32%) 
  5. Detecting and/or responding to security incidents in a timely manner (31%) 
  6. Gaining the appropriate level of security with cloud-based workloads, applications, and SaaS (31%) 

Areas for improvement include: 

Detecting or hunting for unknown threats (32%), and being able to visualise the threat landscape well enough to target a response, including changes embedded in integrated systems by bad actors (36%). 

Other core performance indicators were “keeping up with” a changing infrastructure and service offering (27%) and ensuring a proportionate, targeted response based on threat priority analysis (27%). The latter was seen as an essential precursor to meeting regulatory compliance and corporate governance requirements (26%) on data brokerage and the disclosure of known systemic threats. The timing of the response was also deemed important, with 25% stating it could be improved. 

Maintaining a database of known threats is standard practice for the majority of participants: 77% say that managing a growing security data set is not something they struggle with. Engineering automation is an area that just 18% of respondents would label as needing improvement, while 24% were concerned about the efficacy of stress testing patches and system updates deployed in the cloud under a reactive, SaaS-managed offering. 

An estimated 80% of respondents were happy with their ability to triage threats before escalating them. 

Know your toolset 

Around 91% of organisations report using a minimum of 10 SecOps tools, though 30% have recently consolidated their toolset to ensure integration between existing and pipeline data protection solutions. 

Of respondents already using an XDR solution (64% of the sample), nearly 9 in 10 expect it to supplement rather than replace SIEM and other SecOps tools; a further 21% of the sample report XDR deployments that are still in development. 

Drawbacks cited for SIEM solutions were: exorbitant software licensing costs as the threat catalogue expands and requires constant updating (32%); the expertise required to perform analytics more advanced than those available off the shelf (32%); the business-process context of threat intelligence being overlooked (23%); and dependence on detection rule creation in response to events (25%), with rules that must be constantly redefined as the threat evolves. 

Continuous threat monitoring and management were seen as a key component of gaining appropriate levels of security oversight for cloud-based workloads, applications, and SaaS. This issue moved up in terms of the number of organizations prioritizing it, reflecting continuing growth and change in cloud infrastructure and applications. 

Key drivers of these consolidation campaigns were cited as: cost optimisation (39%); reducing tool management overhead by simplifying and streamlining the toolset (35%); and the desire for more advanced threat detection capability (34%). 

The context of a threat, say respondents, can be lost in the volume of the response, with the security operations stack generating an “unmanageable” load of alerts (33%). In parallel, respondents want to “reduce overhead associated with point tools integration, development and maintenance” (32%). The aim is that, once threats are ranked by their potential damage to the system, permanent threat management plug-ins can be worked in which respond to events, deliver a cost-effective solution proportional to the degree of the threat, and can be dynamically re-adjusted. 

In terms of data governance in repositories: 

  • 43% hold data in centralised silos 
  • 47% have “more centralized, but some distributed or federated data” 
  • 7% use distributed ledger technology 
  • 3% have the majority of data distributed or federated, with some centralised data 

In relation to XDR tools, the survey found that 39% of respondents considered their current tools not properly integrated, making threat detection “more cumbersome” than it should be, while 35% noted specific “gaps” in cloud detection and response. 
