SecOps Teams Wrestle with Manual Processes, HR Gaps


Enterprise security teams are “drowning in alerts.”

Only about half of enterprises are satisfied with their ability to detect cybersecurity threats, according to a survey from Forrester Consulting – with respondents painting a picture of major resource and technology gaps hamstringing their efforts to block cyberattacks.

According to the just-released 2020 State of Security Operations survey of 314 enterprise security professionals, enterprise security teams around the world feel that they struggle with the growing pace, volume and sophistication of cyberattacks. A whopping 79 percent of enterprises covered in the survey have experienced a cyber-breach in the past year, and nearly 50 percent have been breached in the past six months.

Businesses are under constant attack: the average security operations team receives more than 11,000 security alerts a day. Thanks to manual triage processes and the disparate, legacy security tools that permeate most environments, 28 percent of those alerts are simply never addressed, the survey, released Thursday, found. Only 47 percent of organizations said they are able to address most or all of the alerts they receive within a single day; and of the alerts that are addressed, almost a third turn out to be false positives.

In fact, according to the report findings, only 13 percent of the surveyed organizations use automation and machine learning to analyze and respond to threats, and nearly 20 percent of alerts are reviewed and triaged manually by an analyst.

Source: Forrester Consulting

Security operations teams also use an average of more than 10 different categories of security tools (firewalls, email security, endpoint security, threat intelligence, vulnerability management and more), and respondents said these tools are typically siloed.

Perhaps it is no surprise, then, that most security operations teams reported being unable to hit key benchmarks for metrics such as mean time to investigate, mean time to respond, number of incidents handled, threat score and number of alerts. Fewer than half of teams say they meet these targets “most of the time.”
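The report does not define how it measures these benchmarks. As an added illustration (not code or data from the Forrester report or from Palo Alto Networks), the following Python computes the metrics named above from a constructed set of alert records, using the common SOC definitions: mean time to investigate (MTTI) as the time from an alert being raised to an analyst first triaging it, mean time to respond (MTTR) as the time from raise to closure, plus the share of alerts never addressed, the false-positive share among triaged alerts, the share closed within a day, and a simple met/not-met check against assumed target values. The record layout, the sample alerts and the target numbers are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Alert:
    """One SIEM alert. Field layout is an assumption for this example."""
    alert_id: str
    created: datetime
    triaged: Optional[datetime]    # first analyst touch; None = never looked at
    closed: Optional[datetime]     # None = still open
    false_positive: bool = False   # set by the analyst at triage


def _ts(s: Optional[str]) -> Optional[datetime]:
    return datetime.fromisoformat(s) if s else None


# Constructed sample records, not survey data.
SAMPLE_ALERTS: List[Alert] = [
    Alert("A1", _ts("2020-06-01T08:00:00"), _ts("2020-06-01T08:20:00"), _ts("2020-06-01T09:00:00"), False),
    Alert("A2", _ts("2020-06-01T08:05:00"), _ts("2020-06-01T08:10:00"), _ts("2020-06-01T08:15:00"), True),
    Alert("A3", _ts("2020-06-01T09:00:00"), _ts("2020-06-01T12:00:00"), _ts("2020-06-02T10:00:00"), False),
    Alert("A4", _ts("2020-06-01T10:00:00"), None, None, False),                 # never addressed
    Alert("A5", _ts("2020-06-01T11:00:00"), _ts("2020-06-01T11:30:00"), _ts("2020-06-01T11:45:00"), True),
    Alert("A6", _ts("2020-06-01T12:00:00"), _ts("2020-06-01T13:00:00"), None, False),  # still open
]


def _minutes(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 60.0


def mean_time_to_investigate(alerts: List[Alert]) -> float:
    """Average minutes from alert creation to first analyst touch, over triaged alerts."""
    deltas = [_minutes(a.created, a.triaged) for a in alerts if a.triaged is not None]
    return sum(deltas) / len(deltas) if deltas else float("nan")


def mean_time_to_respond(alerts: List[Alert]) -> float:
    """Average minutes from alert creation to closure, over closed alerts."""
    deltas = [_minutes(a.created, a.closed) for a in alerts if a.closed is not None]
    return sum(deltas) / len(deltas) if deltas else float("nan")


def unaddressed_share(alerts: List[Alert]) -> float:
    """Fraction of alerts nobody ever triaged (the report's 'never addressed')."""
    return sum(1 for a in alerts if a.triaged is None) / len(alerts)


def false_positive_share(alerts: List[Alert]) -> float:
    """Fraction of triaged alerts the analyst marked as false positives."""
    triaged = [a for a in alerts if a.triaged is not None]
    return sum(1 for a in triaged if a.false_positive) / len(triaged) if triaged else float("nan")


def addressed_within(alerts: List[Alert], window: timedelta = timedelta(days=1)) -> float:
    """Fraction of all alerts closed within `window` of being raised."""
    hits = sum(1 for a in alerts if a.closed is not None and a.closed - a.created <= window)
    return hits / len(alerts)


def benchmark_report(alerts: List[Alert], targets: Dict[str, float]) -> Dict[str, bool]:
    """Compare each metric against an assumed target; True means the benchmark is met.
    Time-based and share-based targets are upper bounds; 'addressed_within_day' is a lower bound."""
    observed = {
        "mtti_minutes": mean_time_to_investigate(alerts),
        "mttr_minutes": mean_time_to_respond(alerts),
        "unaddressed_share": unaddressed_share(alerts),
        "false_positive_share": false_positive_share(alerts),
        "addressed_within_day": addressed_within(alerts),
    }
    result = {}
    for name, target in targets.items():
        value = observed[name]
        result[name] = value >= target if name == "addressed_within_day" else value <= target
    return result


# Assumed targets for the example; real SOCs set these per their SLAs.
EXAMPLE_TARGETS = {
    "mtti_minutes": 30.0,
    "mttr_minutes": 240.0,
    "unaddressed_share": 0.05,
    "false_positive_share": 0.25,
    "addressed_within_day": 0.9,
}

if __name__ == "__main__":
    for metric, met in benchmark_report(SAMPLE_ALERTS, EXAMPLE_TARGETS).items():
        print(f"{metric:22s} {'met' if met else 'MISSED'}")
```

On the constructed sample the team misses every target: one alert in six is never touched, two of the five triaged alerts are false positives, and a single alert left open overnight is enough to push MTTR well past a four-hour target, which is the kind of skew that makes a mean a poor sole benchmark and argues for tracking a median or percentile alongside it.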

“The net result is that security analysts are drowning in alerts, which is having a profound impact on their health, wellness and overall job satisfaction,” according to a Thursday blog from researchers Erica Naone and Mark Brozek of Palo Alto Networks, which commissioned the survey. “This reactive approach to cybersecurity also has decision-makers frustrated and dissatisfied. With Forrester Research estimating the cost of an average data breach at as much as $7 million per incident, a more proactive approach is needed to quickly prevent, identify and address cyber-threats.”

Source: Forrester Consulting.


Eighty-two percent of IT decision-makers agreed that their responses to threats are mostly or completely reactive, but they’d like to be more proactive; only 50 percent agreed that they have the right resources to proactively hunt for threats.

While adding human resources is seen as a key to overcoming these issues, the oft-reported workforce skills shortage continues to bite. Respondents to the survey said that “finding and keeping experienced security operations staff and enough analysts to support the workload is a major challenge”; and they reported “difficulty hiring, training and retaining employees who are adept at using the full security technology stack.”

Adding insult to injury, Forrester also noted that all of these hurdles are especially high in the time of COVID-19, when remote workforces have complicated the defense game. One FBI spokesperson quoted in the report said that cybersecurity complaints to the Bureau’s Internet Crime Complaint Center have spiked by 200-300 percent since the pandemic began.
