The study, conducted at RSA 2011, polled over 375 show attendees on the effectiveness of security processes, including log management, compliance reporting, real-time monitoring, forensic investigation and incident response.
The survey revealed:
- More than half of the respondents (53 percent) said that they have no coordination among these five critical security processes, or that they have only reactive “triage” across them.
- Sixty-five percent of enterprises say that they have no measurement to benchmark the effectiveness of these processes, or that this measurement is inconsistent.
- More than a third (34 percent) of respondents said that they have no proactive efforts in place to improve the five processes, or that their improvement efforts have been inconsistent.
- As a result of this absence of coordination, measurement, and proactivity, most organizations (57 percent) perceive these five core areas of security management to be ineffective or “somewhat effective” at best.
The leading use cases driving the need for more data and analysis were:
- Trying to better understand a compliance exception
- Trying to determine how a certain metric was changing over time
- Trying to better understand a real-time console alert
- Trying to demonstrate security effectiveness to others (e.g., executives).
Added Gottlieb, “Many organizations already have the security enforcement technologies they need to build the ’best available‘ security defense. What they don’t have is a method for proactively coordinating and improving the various functions through measurement and analysis, or for benchmarking their success."