Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

Most organizations can't access critical security data

Posted on 28 March 2011.

Many enterprises feel that their security processes are failing to meet their potential due to a lack of coordination, benchmarking, and proactive improvement among the various “silos” of functionality, according to SenSage.

The study, conducted at RSA 2011, polled over 375 show attendees on the effectiveness of security processes, including log management, compliance reporting, real-time monitoring, forensic investigation and incident response.

The survey revealed:

More than half of the respondents (53 percent) said that they have no coordination among these five critical security processes, or that they have only reactive “triage” across them.
Sixty-five percent of enterprises say that they have no measurement to benchmark the effectiveness of these processes, or that this measurement is inconsistent.
More than a third (34 percent) of respondents said that they have no proactive efforts in place to improve the five processes, or that their improvement efforts have been inconsistent.
As a result of this absence of coordination, measurement, and proactivity, most organizations (57 percent) perceive these five core areas of security management to be ineffective or “somewhat effective” at best.

The survey also suggests that the security industry is struggling to overcome the closed data models of traditional SIEM and log management systems. When asked if they have ever encountered obstacles to data access and analysis while performing their duties as a security professional, “yes” responses outnumbered “no” responses two to one.

The leading use cases driving the need for more data and analysis were:

Trying to better understand a compliance exception
Trying to determine how a certain metric was changing over time
Trying to better understand a real-time console alert
Trying to demonstrate security effectiveness to others (e.g., executives).

“The only good news from this survey is that the coordination, measurement, improvement and perceived value of security management processes have all improved incrementally over last year,” said Joe Gottlieb, President and CEO of SenSage. “The rest of the news is more daunting. On their own, compliance reports and real-time consoles leave us ‘on edge,’ knowing that we have a problem but lack the information needed to track it down and solve it. Typical products and practices in these areas lack the historical trending and benchmarking needed to validate explicit levels of effectiveness to peers, stakeholders and customers.”

Added Gottlieb, “Many organizations already have the security enforcement technologies they need to build the ’best available‘ security defense. What they don’t have is a method for proactively coordinating and improving the various functions through measurement and analysis, or for benchmarking their success."