4 out of 5 organizations believe their threat detection and investigation mechanisms are slow and incompetent in dealing with cyber threats today.
RSA revealed major shortcomings in currently implemented global threat detection practices. A large-scale Threat Detection Effectiveness Survey conducted by the global security service provider, with employees from over 160 organizations, showed that companies are dissatisfied with their detection and investigation systems.
The findings showed that speed problems and faulty augmentation of technologies were the two major problems faced by enterprises trying to safeguard and monitor data. Agility in detection and investigation is vital in minimizing damage sustained from cyber-attacks and data theft. Around 90% of companies in the survey believed that their organization’s threat detection and investigation system was not quick enough in dealing with such intrusions.
Most organizations still rely mainly on inconsistently augmented SIEM and a fragmented foundation of data and technologies to shield them from data breaches and attacks. Over two-thirds of organizations agreed that their detection and investigation systems were incompetent when capturing packet data or using anti-malware or endpoint tools. The research also showed that a large number of organizations do not effectively monitor their packet and flow data. Only 10% felt that they could effectively monitor their networks and investigate attacks.
Amit Yoran, President, RSA, said, “Organizations are not collecting the right data, not integrating the data they collect, and focusing on old-school prevention technologies. Today’s reality dictates that they need to plug gaps in visibility, take a more consistent approach to deploying the technologies that matter most, and accelerate the shift away from preventative strategies.”
Another significant finding was the lack of data integration: the presence of data silos, which in turn slows performance and limits comprehensive detection of breaches and attacks. One positive observation, however, was the shift towards implementing behavioral analytics to track unwanted activities across systems. Organizations have started to use identity data as an aid in simplifying detection and tracking based on recognizing patterns of anomalous activities. Behavioral analytics was found to be the popular cybersecurity investment among organizations.
The research revealed a number of inconsistencies in enterprise security systems, highlighting the fact that companies need to make a shift in their focus and implement more competent detection and investigation technologies to comprehensively monitor their networks and prevent data breaches and cyber thefts.