7/21/2017
09:30 AM
Dark Reading
Products and Releases

More than 40% of Organizations Unprepared for Advanced Attacks: Demisto

CUPERTINO, Calif. — July 20, 2017 — Demisto, Inc., an innovator in Security Automation and Orchestration technology, today announced the results of the State of Incident Response 2017, a study investigating challenges faced by incident response (IR) teams and how they are or are not addressing them. Security professionals from across the globe participated in the research – the first industry study to cover all aspects of incident response, including SOC location, training issues, tools utilization, and what metrics are being tracked.

The study revealed new data around companies’ struggles to keep up with and respond to cyberattacks due to lack of resources. For example, more than 40 percent of respondents said their organizations are not prepared to measure incident response, and only 14.5 percent of respondents are measuring MTTR (Mean Time to Respond). The study also discovered that while organizations are hit with an average of nearly 350 incidents per week, 30 percent of respondents reported they have no playbooks, runbooks or other documentation for incident response actions.

The study also validated the known security staff shortage with new findings. More than 90 percent of the respondents indicated they have difficulty finding experienced employees with the necessary skill sets. The study found it takes an average of 9 months from the initiation of a hiring requisition until the new hire is fully trained. Since the need is frequently identified long before the hiring process begins, companies are without a resource – from the point where a need is identified until the point they have fully trained analysts – for almost a year. On the retention side, more than one-third of IR staff leave within 3 years.

“One goal for this unique study was to gain better insights into how to address future threats by determining today’s major pain points for organizations,” said Rishi Bhargava, Demisto co-founder and VP of Marketing. “Incident response must continue to evolve to meet current and emerging threats. The key to effective incident response is having the right combination of people, technology and processes. However, this study revealed that many organizations are far from having this right combination.”

For a copy of the study, see: go.demisto.com/state-of-incident-response

Other key findings of the research include:

  • When asked about the areas where automation can help, 54 percent of respondents asserted that security operations and incident response are the two top priorities for them at this time.
  • Although 47.3 percent of respondents believed that automating threat hunting would provide immediate benefits, barely 12 percent had actually automated their threat hunting.
  • While 54 percent of respondents believed that automating incident response would provide immediate benefits, only 10.9 percent had already automated this facet.
  • When asked about the number of incidents occurring weekly, respondents reported dealing with an average of 346.42 incidents per week — and requiring an average of 2.28 days to resolve an incident.
  • When asked how many people in the respondents’ organizations were dedicated solely to incident response, 17.6 percent responded that there were none and 22.3 percent stated that there were only one or two.
  • According to respondents, the biggest incident response challenges are working with a large number of information security tools (37.7 percent), followed by responding to a large number of incidents (36.1 percent), and not having enough time (34.4 percent).
  • According to respondents, 40.4 percent feel there are significantly more alerts than can be handled by their staff, while 47.4 percent report it is hard to know which alerts to prioritize.

Demisto recently sponsored this independent, third-party study conducted with security professionals around the world working for companies ranging from fewer than 500 employees to more than 20,000 employees. More than 200 responses were analyzed for this study, which is planned to be updated annually. Virtual Intelligence Briefing (ViB), an interactive online news community focused on emerging technologies, conducted the overall research. ViB’s community comprises more than 1.2 million IT practitioners and decision makers who share their opinions by engaging in sophisticated surveys across a range of IT solution areas.
