It is easy for enterprises to think of cybersecurity, especially as it pertains to security analytics and SIEM solutions, as purely a technology issue. These enterprises have lulled themselves into thinking that, with the right SIEM or security analytics solution deployed, they can ignore their lack of IT security professionals and talent on hand and still stay secure.
Make no mistake: selecting the right SIEM and security analytics solution is vital to your enterprise’s digital security and stability. Without such a solution deployed, your IT security professionals won’t be able to find all of the relevant security event data scattered throughout your enterprise’s network, much less aggregate and analyze it for digital threat indicators.
However, you still need competent and dedicated IT security professionals to monitor your IT environment for threats, sort through the security alerts generated by your SIEM solutions, and educate your employees on best practices. This remains true even if you have selected a managed security services provider (MSSP); you’ll still need a few IT security professionals to work in collaboration with your solution provider to ensure the best layer of security for your enterprise. You need a balance of SIEM solution and IT security professionals.
Therefore, it is important to assess the current context of IT security professionals. Through recent surveys and statistics, enterprises can gain the perspective necessary to optimize their IT security professionals’ performance, reduce their stress, and evaluate what issues they may neglect in the pursuit of cybersecurity.
IT Security Professionals, SOCs, and Exabeam’s Study
A security operations center (SOC) is a facet of your cybersecurity team, sometimes housed in a distinct facility, that evaluates and enforces your security policies and responds to digital incidents. Therefore, SOCs will be staffed by IT security professionals—and they’ll have similar concerns about your enterprise and IT environment.
According to SIEM solution provider Exabeam in their inaugural “State of the SOC” report:
- 79% of SOC professionals expressed frustration with outdated equipment and technology.
- Only 22% of CIOs and CISOs shared that frustration.
- 45% of SOC professionals state their security operations center is understaffed.
- 63% stated they could use between 2 and 10 employees.
- 62% of SOC professionals and managers see inexperienced staff as a central issue.
- Only 21% of CIOs and CISOs expressed the same worries.
- 47% of all respondents expressed difficulty in keeping up with security alerts.
That SOC professionals—who are dedicated to responding to digital threats—would report having trouble keeping up with security alerts should be a wake-up call to enterprises. Chances are your IT security professionals are overwhelmed, either by the sheer volume of alerts or by being understaffed. If possible, investing in hiring more IT security professionals can help your security teams optimize their performance and effectiveness.
Additionally, on the technical side, if you do not have a SIEM solution that can help sort through false positives, it may be time to investigate that cybersecurity market. It may also be time to evaluate your current technology and determine if an update is in order to better secure your digital assets.
Your IT security professionals need your enterprise’s support to function optimally. Make sure you’re listening to their concerns and responding to them constructively.
The LogMeIn Endpoint Management Survey: A Different Perspective
In a separate survey of IT security professionals by identity and access management solution provider LogMeIn, we can see the other challenges these professionals face as well as gaps in their behavior. The actual subject of the survey may have been endpoint management, but it reveals so much more:
- 30% of IT security professionals don’t know how many endpoint devices exist within their enterprise’s IT environment.
- For that 30%, the average number of endpoints in their IT environments is 750.
- 44% of IT security professionals are not actively addressing security on software.
- 52% aren’t addressing security on mobile.
- 40% of IT professionals rank cloud security breaches as their top concern.
- Only 52% take active measures to address security concerns prior to a breach.
- Only 26% of the IT security professionals surveyed report investing in automated monitoring and alerts.
Again, having a good SIEM or security analytics solution in your IT environment is essential, but you need to ensure that your IT security professionals are employing those solutions properly. You do need to investigate whether their behavior—which should serve as an example to your other employees—follows cybersecurity best practices. Otherwise, no matter what solution you select, your enterprise will be left vulnerable.
Cybersecurity intersects technological innovation and human behavior and talent. One cannot function without the other. This is a good time to remind yourself of that fact and to evaluate both in your enterprise.