Despite reported threat detection, investigation, and response (TDIR) improvements in security operations, more than half of organizations still experienced significant security incidents in the last year.
FOSTER CITY, Calif., Jan. 30, 2023 — According to new research from International Data Corporation (IDC) and Exabeam, a global cybersecurity leader that delivers AI-driven security operations, 57% of companies experienced significant security incidents in the last year that required extra resources to remediate — shining a glaring light on program gaps caused by dedicated but overburdened teams lacking key, automated threat detection, investigation, and response (TDIR) resources. North America experienced the highest rate of security incidents (66%), closely followed by Western Europe (65%), then Asia Pacific and Japan (APJ) (34%). Research for the Exabeam report, The State of Threat Detection, Investigation and Response, November 2023, was conducted by IDC on behalf of Exabeam and includes insights from 1,155 security and IT professionals spanning these three regions.
The findings reveal a significant gap between self-reported security measures and reality. Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators (KPIs), such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and the overwhelming majority of organizations (over 90%) believe they have good or excellent ability to detect cyberthreats. Seventy-eight percent also believe that their organizations have a very effective process to investigate and mitigate threats. These inflated confidence levels are creating a false sense of security and likely putting organizations at risk. A continued lack of full visibility and complete TDIR automation capabilities, which survey respondents also reported, may explain the discrepancy.
“While we aren’t surprised by the contradictions in the data, our study in partnership with IDC further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities,” said Steve Moore, Exabeam Chief Security Strategist and Co-founder of the Exabeam TEN18 cybersecurity research and insights group. “Looking at the lack of automation and inconsistencies in many TDIR workflows, it makes sense that even when security teams feel they have what they need, there is still room to improve efficiency and velocity of defense operations.”
A visibility crisis in security operations
Organizations globally report that they can “see” or monitor only 66% of their IT environments, leaving ample room for blindspots, including those in the cloud. While no organization is immune from adversarial advances, the lack of full visibility means that organizations are potentially blind to any advances in those unseen environments.
“Despite having the lowest number of security incidents, APJ reports the lowest visibility of all regions at 62%, signaling that these teams may be missing and failing to report incidents as a result,” noted Samantha Humphries, Senior Director, International Security Strategy, Exabeam. “With business transformation initiatives moving operations to the cloud and an ever-increasing number of edge connections, lack of visibility will likely continue to be a major risk point for security teams in the year ahead.”
Automation lags across TDIR
With TDIR representing the prevailing workflow of security operations teams, more than half (53%) of global organizations have automated 50% or less of their TDIR workflow, contributing to the amount of time spent on TDIR (57%). Not surprisingly, respondents continue to want a strong TDIR platform that includes investigation and remediation automation, yet hesitation to automate remains.
“As attackers increase their pace, enterprises will have to overcome their reluctance to automate remediation, which often stems from concern over what might happen without a human approving the process,” said Michelle Abraham, Research Director for IDC’s Security and Trust Group. “Organizations should embrace all the helpful expertise they can find, including automation.”
The greatest TDIR needs in 2024 and beyond
When organizations were asked about the TDIR management areas where they require the most help, 36% of organizations expressed the need for third-party assistance in managing their threat detection and response, citing the challenge of handling it entirely on their own. This highlights a growing opportunity for the integration of automation and AI-driven security tools. The second most identified need, at 35%, was a desire for improved understanding of normal user and entity and peer group behavior within their organization, demonstrating a demand for TDIR solutions equipped with user and entity behavior analytics (UEBA) capabilities. These solutions should ideally minimize the need for extensive customization while offering automated timelines and threat prioritization.
“As organizations continue to improve their TDIR processes, their security program metrics will likely look worse before they get better. But the tools exist to put them back on the front foot,” continued Moore. “Because AI-driven automation can aid in improving metrics and team morale, we’re already seeing increased demand to build even more AI-powered features. We expect the market demand for security solutions that leverage AI to continue in 2024 and beyond.”
The organizations surveyed for the report represent North America (Canada, Mexico, and the United States), Western Europe (UK and Germany), and APJ (Australia, New Zealand, and Japan), across multiple world industries.
To download and read The State of Threat Detection, Investigation, and Response 2023 report, including regional survey results and IDC’s essential guidance, visit the Exabeam website here.
About Exabeam
Exabeam is a global cybersecurity leader that delivers AI-driven security operations. The company was the first to put AI and machine learning in its products to deliver behavioral analytics on top of security information and event management (SIEM). Today, the Exabeam Security Operations Platform includes cloud-scale security log management and SIEM, powerful behavioral analytics, and automated threat detection, investigation and response (TDIR). Its cloud-native product portfolio helps organizations detect threats, defend against cyberattacks, and defeat adversaries. Exabeam learns normal behavior and automatically detects risky or suspicious activity so security teams can take action for faster, more complete response and repeatable security outcomes.
Detect. Defend. Defeat.™ Learn how at www.exabeam.com.
Exabeam, the Exabeam logo, New-Scale SIEM, Detect. Defend. Defeat., Exabeam Fusion, Smart Timelines, Security Operations Platform, and XDR Alliance are service marks, trademarks, or registered marks of Exabeam, Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their owners. © 2024 Exabeam, Inc. All rights reserved.
Contacts:
Allyson Stinchfield
Exabeam
[email protected]
Touchdown PR for Exabeam
Shannon Cieciuch
[email protected]
