A research study on cyber threats reveals that 55% of organizations have built their own detection tool, but less than half of those consider it very effective. Whether or not that figure reflects the reality of your own organization, Panther Labs uncovers intriguing findings in its new report, “Threat detection and response status.”
Panther Labs, a San Francisco, California-based cybersecurity company specializing in cloud-scale detection and response, surveyed 400 US security professionals for its report. To reflect the “boots on the ground” perspective for security teams, respondents were primarily security analysts and security engineers.
As part of its research, Panther Labs examined the effectiveness of respondents’ tools and processes, the challenges they face, and their projections for the future. The report also includes Panther Labs’ recommendations for cybersecurity improvements, which MSPs and MSSPs may want to take note of.
Cyber threat alerts are drowned out by false positives
Data breaches are at an all-time high, and the ways malicious actors go after vulnerable organizations are becoming more sophisticated. As such, security teams face unprecedented challenges in protecting their organizations, according to the Panther Labs report.
Threat detection and response is further hampered by tools that have not evolved to handle the massive volumes of data generated by today’s cloud infrastructure and applications.
With this reality in mind, Panther Labs offers these key findings:
- 55% of respondents have built their own detection and response tool, but less than half of them found it very effective. The need to build in-house tools probably reflects dissatisfaction with the commercial tools available; in fact, 25% said that the tool they built was very ineffective.
- The biggest challenge is efficiency. Most respondents say that efficiency issues, such as time lost to false positives and lack of efficient processes, are their biggest challenges today.
- Automation would make them more effective. Respondents believe that automating manual tasks would have the greatest impact on making security operations more efficient.
- Over the past 12 months, 48% of respondents have seen a threefold increase in the number of alerts per day. This is an alarming rate of growth, Panther Labs says, compounding an already problematic situation for teams already stretched thin.
- More than 50% of respondents find that at least half of their alerts are false positives. Managing a high volume of false positives contributes to alert fatigue and limits the ability of security teams to focus on higher-value tasks.
Panther Labs issues a wake-up call
Jack Naglieri, CEO and founder of Panther Labs, adds perspective to his company’s research:
“Detecting and responding to threats on a modern scale is challenging, no matter how large or experienced your team is. The answers provided by our respondents confirm what many security professionals experience firsthand every day: commercial tools often fall short of their expectations, but security teams also struggle to build their own internal tools that can function as needed.”
The report also reveals a disparity of opinion on the top priority for threat detection and response programs over the next 12 months. “Ensuring full coverage of the organization’s resources” is the top priority for 16.9% of respondents, and the remaining priorities break down from there.
Second place is a tie, with 13.5% each naming “advancing our cloud security posture” or “adding more security sensors” as their top option. “Improving the speed of our response” and “other” tied at 11.8%, followed by “centralizing security logs in one place” and “reducing false positives” at 10.1% each. The remaining options were “getting buy-in from management to expand funding” (8.4%) and “generating better reporting metrics” (3.3%).
For more survey responses and additional perspective, download a full copy of the report.