Log management, compliance reporting, real-time monitoring, forensic investigation, and incident response still not coordinated, according to SenSage study

Dark Reading Staff, Dark Reading

March 30, 2011

Many enterprises think their security processes are failing to meet their potential due to a lack of coordination, benchmarking, and proactive improvement among the various "silos" of functionality, according to a new survey published yesterday.

The survey, conducted by SIEM vendor SenSage at the 2011 RSA Conference in San Francisco, polled more than 375 show attendees on the effectiveness of five critical security processes: log management, compliance reporting, real-time monitoring, forensic investigation, and incident response.

In the study, more than half of the respondents (53 percent) said they have no coordination among those five security processes, or that they have only "reactive triage."

"There are effective security processes out there, but often there's no correlation between them," says Joe Gottlieb, CEO of SenSage. "The data isn't being effectively analyzed, and organizations aren't seeing the whole picture."

Sixty-five percent of enterprises said they have no measurement to benchmark the effectiveness of these processes, the study says, or that this measurement is inconsistent.

More than a third (34 percent) of respondents said they have no proactive efforts in place to improve the five processes, or that their improvement efforts have been inconsistent, according to the study.

Most of the respondents (57 percent) perceive their log management, compliance reporting, real-time monitoring, forensic investigation, and incident-response processes to be ineffective or "somewhat effective" at best.

When asked whether they have ever encountered obstacles to data access and analysis while performing their duties as a security professional, "yes" responses outnumbered "no" responses two to one.

"On their own, compliance reports and real-time consoles leave us on edge, knowing that we have a problem but are deprived of the data we need to track it down and solve it," Gottlieb says.

SenSage hopes to get the industry talking about these issues in a new forum called Open Security Intelligence. The company will also hold a webinar on the report findings April 14.
