Following on from its 2014 survey, SANS has conducted a new survey to determine how organizations are leveraging analytics and intelligence tools and services. These are important questions to ask because without the right mechanisms in place to utilize analytics and intelligence, companies will struggle to be effective in detecting and responding to attacks.
The survey collected responses from 476 participants across a cross-section of industry verticals and companies of varying sizes. The roles of respondents also varied, ranging from security analysts, security managers and chief information security officers to network operations staff, system administrators and support staff.
Some of the key trends to emerge from the report include:
Buzzwords: A quarter of participants considered big data for security analytics to be a buzzword, although they do see that big data and security data sharing use the same processes and tools.
Automation: Only 3% reported that their analytics and intelligence processes for pattern recognition are fully automated, and another 6% have implemented a “highly automated” intelligence and analytics environment.
Improved Visibility: 83% have improved visibility into events and actual breaches. Whilst this is not quite 20/20 vision, it is a marked improvement.
Baselining: When it comes to baselining normal behavior in order to spot anomalies, 26% of participants claimed they are still unable to understand and baseline normal behavior.
Staffing: A common theme amongst nearly all security surveys resurfaces here as 59% of respondents cited the lack of people and dedicated resources as an impediment.
It is clear from the results that the use of threat intelligence is increasing and visibility is improving. However, baselining normal behavior and obtaining personnel with the right skills remain a challenge.