A new survey from security information and event management vendor Sensage underscores the challenges surrounding security measurements are starting to mount.
The annual survey, entitled “The Buried Truth: State of Security Information and Event Management Process,” Sensage revealed that many organizations are failing to consistently measure, coordinate and improve securirty data managment efforts. For example, when asked if teams are coordinating across log management, compliance reporting, real-time monitoring, forensic investigation and incident response processes, 66 percent of respondents said no. That number is up from 53 percent in 2011.
“It is hard to imagine that security practitioners are actually regressing in an area that is as critical as process coordination,” the report notes. More likely, as the challenges in these areas have mounted, practitioners have become more aware of the need for coordination and more honest about the state of coordination in their security operations.”
One of the main difficulties facing today’s enterprises is a lack of trusted, actionable information. Seventy-nine percent of the 350 respondents agreed that better data access and analysis is needed, compared to 57 percent in 2011. According to Sensage, this indicates that more organizations understand there are answers in data buried in the enterprises – data they may not be able to get their hands on or have the tools to properly analyze.
This year’s study also found that IT is struggling with consistently measuring security, with 61 percent saying they inconsistently measured security in 2012, in comparison with 50 percent of respondents in 2010 and 2011. In addition, when asked to characterize their approach, this year 41 percent said it was “light and inconsistent,” while just five percent described it as “heavy and consistent.” Twenty-five percent said it was “heavy and inconsistent.”
“If we agree that we can’t improve what we don’t measure, this is another area where the erratic or ad-hoc state of our processes leads to a frustrating inability to show forward momentum,” the report notes.
Perhaps not surprisingly, many respondents felt unprepared to deal with security risks. Just 22 percent said they were “very effective” at dealing with risks, while 64 percent said they were improving but it was a resource-intensive process. Fourteen percent rated their organization’s effectiveness in addressing risk as “less than ideal.”
“While many referred to 2011 as ‘The Year of the Breach,’ we see 2012 shaping up to be ‘The Year of Inspection,’” said Joe Gottlieb, CEO of Sensage, in a statement. “Given the responses highlighting the need for better data access, and revealing inconsistent measurement and process improvements, this year’s respondents appear to be much more honest, realistic and self-aware. This is a significant change compared to previous years, as professionals are becoming more vocal about their dissatisfaction with traditional security practices’ inability to provide the intelligence necessary to counter evolving threats and address organizations’ changing requirements.”