A Lack of Integration Hampers Threat Detection

 
 
By Karen A. Frenkel  |  Posted 08-04-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    A Lack of Integration Hampers Threat Detection
    Next

    A Lack of Integration Hampers Threat Detection

    Lack of automation integration and workflow between security and response are hindering organizations' ability to prevent, detect and respond to cyber-threats.
  • Previous
    Security Efforts Often Done Manually
    Next

    Security Efforts Often Done Manually

    39% of the security pros surveyed collect and store data and perform analyses mostly or completely manually, and 42% said they are equally manual and automated.
  • Previous
    The Four Security Architecture Pillars
    Next

    The Four Security Architecture Pillars

    45% of respondents said prevention, detection, response and remediation processes are still mostly or completely manual. 35% said they equal parts automated and manual.
  • Previous
    Tools Deployed
    Next

    Tools Deployed

    There is more deployment of tools in the proactive areas of prevention and detection, and less implementation of tools in the reactive areas of response and remediation.
  • Previous
    Securities Tools and Services Deployed
    Next

    Securities Tools and Services Deployed

    Anti-malware, Antivirus: protect/prevent (90%), detect (80%), respond/remediate (59%). Endpoint Security: protect/prevent (79%), detect (71%) respond/remediate (44%). IDS/IPS/UTM: protect/prevent (70%), detect (75%), respond/remediate (36%). Vulnerability Management: protect/prevent: (59%), detect (65%), respond/remediate (39%). Web Security: protect/prevent (70%), detect (38%), response/remediate (25%)
  • Previous
    Endpoint Systems Protected
    Next

    Endpoint Systems Protected

    92% of respondents said their tools cover server endpoints, 86% reported that they cover company-owned devices, and 79% said cover their web-facing applications.
  • Previous
    Centralizing Security Data
    Next

    Centralizing Security Data

    Organizations that want to integrate and automate security processes should centralize—or at least provide appropriate access to—security-related data. But responses indicate that 54% are not centralizing this data.
  • Previous
    Centralizing Security Data (Continued)
    Next

    Centralizing Security Data (Continued)

    Of the 37% who do centralize prevention, detection, response and remediation data, 79% do so in a Security Incident and Event Manager (SIEM), 25% use the cloud and 24% use other analytics systems.
  • Previous
    Who Can Access Centralized Security Data?
    Next

    Who Can Access Centralized Security Data?

    Security analysts: 69%, Responders: 63%, Administrators: 61%, Operational IT groups: 57%
  • Previous
    Impediments to Integration
    Next

    Impediments to Integration

    The top two impediments to the full visibility needed to prevent, detect, respond to and remediate security events on networks are the lack of skills and staffing (84%) and the lack of funding and management buy-in (56%).
  • Previous
    Lack Of Interoperability
    Next

    Lack Of Interoperability

    The third inhibitor is the lack of workflow among the four pillars (34% of respondents), pointing to a lack of interoperability.
  • Previous
    Steps to Success
    Next

    Steps to Success

    The key to success is high-level management buy-in, regardless of tools or process. Once leadership and vision come from a common source, organizations can align the goals of each security function, and then use teams, processes and tools to automate and further integrate.
 

The lack of automation integration and workflow between security and response is hindering organizations' ability to prevent, detect and respond to threats, according to a new report from the SANS Institute, "Integrating Prevention, Detection and Response Workflows, SANS Survey on Security Optimization." The study assesses how organizations are structuring Gartner Group's security architecture pillars and the Center for Internet Security (CIS) Critical Security Controls. These pillars are prevention, detection, response and prediction, which are supposed to work in a continuous loop, according to Gartner. "Are these functional groups operating in unison with shared data and workflow, or are they remaining true to the tradition of operational silos in most technology groups?" asks the report author, G. W. Ray Davidson. The survey recasts Gartner's "prediction" pillar as "intelligence" and adds "remediation." The survey, sponsored by ThreatConnect, analyzes satisfaction with staffing levels, tools and management-support architectures to help provide best practices and guidance. The survey is based on 1,084 professionals who work in security (63 percent) and IT (25 percent). Eighty-five percent of the organizations surveyed are U.S.-based.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register