This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
While many organisations invest in detecting security issues, we regularly hear about companies being breached. Security teams fight the battle against cyber threats, and CISOs still struggle to answer the question: "Is my security posture improving or deteriorating?" Why is this happening?
A new study by Enterprise Strategy Group (ESG) sheds light on this issue. Nearly 75% of those surveyed said that incident response tends to be based upon informal processes. And 93% of respondents say that their incident response effectiveness and efficiency are limited by the burden of manual processes.
Security teams are inundated with alerts from multiple sources. They rely on emails, spreadsheets, and phone calls for cross-team handoffs, and on siloed security products.
With such practices in place, it's no wonder that it takes enterprises an average of 206 days to spot a breach and an average of 69 days to contain it, according to the Ponemon Institute. And it's not improving. Of those surveyed by ESG, 61% believe that incident response has become more difficult over the past two years.
This story must sound familiar to IT teams who live it every day. We've seen that unstructured work drains productivity and keeps us on that treadmill.
In the case of security, using manual tools and processes not only hinders a team's ability to find issues and solve them quickly, but also becomes a risk. Time to containment is key to reducing the cost and impact of a breach, which can improve a firm's security posture.
In addition, the survey showed that the unhealthy reliance on manual tasks likely aggravates the divide between IT and Security teams. The two groups are often disconnected and their goals unaligned. Fixing most security incidents or threats requires collaboration between these teams.
Security Operations: A Holistic View
IDC predicts that data breaches will affect 1 in 4 of the world's population by 2020, a staggering proportion that should not be overlooked from an enterprise standpoint. Many organisations are heavily invested in detecting security issues and in security tools, but have neglected a critical step. The focus should be on processing security incidents by formalising and automating incident and vulnerability response.
Once a risk has been detected, time to containment is key to reducing the cost and impact of a breach, which can improve a firm's security posture. A security issue can be a catastrophic breach, but it can also be a relatively low-severity vulnerability. Even an issue considered low-level could affect a business-critical system or the CEO's laptop, which would certainly increase the priority of resolving it.