Security professionals are facing barriers on the path to modernizing the security operations center (SOC). The struggle to effectively manage high volumes of security alerts and the complexities associated with traditional SIEMs are driving the demand for a new approach to effectively address challenges in the SOC through cloud-native SIEMs combined with security automation capabilities, according to Sumo Logic-Dimensional Research?s study, titled 2020 State of SecOps and Automation.
?Today?s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue. To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts,? said Diane Hagglund, principal for Dimensional Research. ?These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.?
The study reveals that managing the sheer volume of these alerts poses a significant problem for IT security professionals. Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.
Key findings include:
Security alert volumes create problems for security operations
- 70% have more than doubled the volume of security alerts in the past five years
- 99% report high volumes of alerts cause problems for IT security teams
- 83% say their security staff experiences ?alert fatigue?
Automation helps, but it is still a work in progress
- 65% of teams with high levels of automation resolve most security alerts the same day compared to only 34% of those with low levels of automation
- 92% agree automation is the best solution for dealing with large volumes of alerts
- 75% report they would need three or more additional security analysts to address all alerts the same day
Better technology is needed to manage security alert volumes
- 88% face challenges with their current SIEM
- 84% see many advantages in a cloud-native SIEM for cloud or hybrid environments
- 99% would benefit from additional SIEM automation capabilities
?Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. There?s never been a more important time to ensure IT security operations are up to par,? said Greg Martin, general manager for the security business unit at Sumo Logic. ?Companies need to adopt solutions that let them quickly identify, prioritize and respond to only the most critical warning signals, so that they?re not left drowning in alert overload with no direction. Our Cloud SIEM Enterprise solution fits this need and also offers rapid deployment, quick time-to-value, ease-of-use and a unified data model.?
Sumo Logic Cloud SIEM Enterprise is a cloud-native solution that addresses the challenges facing today?s modern SOC by automating the manual work for security analysts, saving them time and enabling them to be more effective by focusing on higher-value security functions. Sumo Logic Cloud SIEM Enterprise provides real-time insights and continuous intelligence SOC teams can use to quickly identify evidence of compromise and improve their ability to respond quickly by understanding the impact of an attack. This removes common technology limitations that burden a SOC’s efficiency and ability to mitigate risk.
The study was conducted via an online survey that was sent to an independent database of IT security professionals worldwide. In total, 427 qualified security individuals completed the survey. All participants had direct responsibility for security operations at an organization with a significant investment in a public cloud (IaaS) and at least 1,000 employees. Participants included a mix of job levels, regions, company sizes, number of security analysts and industries.