Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


'Silos' Of Security Processes Still Not Integrated, Study Says

Log management, compliance reporting, real-time monitoring, forensic investigation, and incident response still not coordinated, according to SenSage study

Many enterprises think their security processes are failing to meet their potential due to a lack of coordination, benchmarking, and proactive improvement among the various "silos" of functionality, according to a new survey published yesterday.

The survey, conducted by SIEM vendor SenSage at the 2011 RSA Conference in San Francisco, polled more than 375 show attendees on the effectiveness of five critical security processes: log management, compliance reporting, real-time monitoring, forensic investigation, and incident response.

In the study, more than half of the respondents (53 percent) said they have no coordination among those five security processes, or that they have only "reactive triage."

"There are effective security processes out there, but often there's no correlation between them," says Joe Gottlieb, CEO of SenSage. "The data isn't being effectively analyzed, and organizations aren't seeing the whole picture."

Sixty-five percent of enterprises said they have no measurement to benchmark the effectiveness of these processes, the study says, or that this measurement is inconsistent.

More than a third (34 percent) of respondents said they have no proactive efforts in place to improve the five processes, or that their improvement efforts have been inconsistent, according to the study.

Most of the respondents (57 percent) perceive their log management, compliance reporting, real-time monitoring, forensic investigation, and incident-response processes to be ineffective or "somewhat effective" at best.

When asked whether they have ever encountered obstacles to data access and analysis while performing their duties as a security professional, "yes" responses outnumbered "no" responses two to one.

"On their own, compliance reports and real-time consoles leave us on edge, knowing that we have a problem but are deprived of the data we need to track it down and solve it," Gottlieb says.

SenSage hopes to get the industry talking about these issues in a new forum called Open Security Intelligence. The company will also hold a webinar on the report findings April 14.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-24
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
PUBLISHED: 2020-11-24
An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went throu...
PUBLISHED: 2020-11-24
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s):,,,
PUBLISHED: 2020-11-24
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
PUBLISHED: 2020-11-24
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.