Most organizations can’t access critical security data

Many enterprises feel that their security processes are failing to meet their potential due to a lack of coordination, benchmarking, and proactive improvement among the various “silos” of functionality, according to SenSage.

The study, conducted at RSA 2011, polled over 375 show attendees on the effectiveness of security processes, including log management, compliance reporting, real-time monitoring, forensic investigation and incident response.

The survey revealed:

• More than half of the respondents (53 percent) said that they have no coordination among these five critical security processes, or that they have only reactive “triage” across them.
• Sixty-five percent of enterprises say that they have no measurement to benchmark the effectiveness of these processes, or that this measurement is inconsistent.
• More than a third (34 percent) of respondents said that they have no proactive efforts in place to improve the five processes, or that their improvement efforts have been inconsistent.
• As a result of this absence of coordination, measurement, and proactivity, most organizations (57 percent) perceive these five core areas of security management to be ineffective or “somewhat effective” at best.

The survey also suggests that the security industry is struggling to overcome the closed data models of traditional SIEM and log management systems. When asked if they have ever encountered obstacles to data access and analysis while performing their duties as a security professional, “yes” responses outnumbered “no” responses two to one.

The leading use cases driving the need for more data and analysis were:

• Trying to better understand a compliance exception
• Trying to determine how a certain metric was changing over time
• Trying to better understand a real-time console alert
• Trying to demonstrate security effectiveness to others (e.g., executives).

“The only good news from this survey is that the coordination, measurement, improvement and perceived value of security management processes have all improved incrementally over last year,” said Joe Gottlieb, President and CEO of SenSage. “The rest of the news is more daunting. On their own, compliance reports and real-time consoles leave us “on edge,’ knowing that we have a problem but lack the information needed to track it down and solve it. Typical products and practices in these areas lack the historical trending and benchmarking needed to validate explicit levels of effectiveness to peers, stakeholders and customers.”

Added Gottlieb, “Many organizations already have the security enforcement technologies they need to build the ‘best available” security defense. What they don’t have is a method for proactively coordinating and improving the various functions through measurement and analysis, or for benchmarking their success.”