A new study released today from the IT analyst firm, Enterprise Strategy Group (ESG), found that companies in North America are poised to increase their reliance on security automation and orchestration for incident response (IR). The research, sponsored by Hexadite, also explored the drivers of this shift, identifying the shortage of qualified cybersecurity professionals and the heavy reliance on manual resources as the main contributing factors.
ESG surveyed 100 IT professionals with knowledge or responsibility for their organization’s incident response processes and technologies. The research shows that 91 percent of these people believe that IR efficiency and effectiveness are limited by the time and effort of manual processes. In addition, it found that 97 percent of organizations have either already taken steps to automate and/or orchestrate incident response processes, or plan to do so within the next 18 months.
“Nearly every organization admits to challenges in the way they currently handle incident response, forcing them to look for other options. Big changes are coming,” said Jon Oltsik, senior principal analyst at ESG. “Based on input from practitioners in the field, it’s clear that organizations see the value of IR automation and orchestration and we’re just at the beginning of this trend.”
Key Findings and Analysis
Based on the data collected, ESG’s key findings include:
- High alert volume has made incident response difficult.
  - 98 percent of respondents admit to having challenges with incident response capabilities.
  - 71 percent claim that incident response has become more difficult at their organizations over the past two years.
  - Monitoring processes from end-to-end (47 percent), keeping up with the volume of threat intelligence (46 percent), and keeping up with the volume of security alerts (43 percent) were the three most frequently cited challenges.
- The security skills gap combined with heavy reliance on manual resources exacerbates IR challenges.
  - 91 percent of respondents said IR efficiency and effectiveness are limited by the time and effort of manual processes.
  - 91 percent also said they are actively trying to increase the size of their incident response staff right now.
- Many enterprises are turning to automation and orchestration to improve IR efficacy while streamlining operations.
  - More than half (62 percent) of enterprise organizations have already taken action to automate and/or orchestrate IR processes. Another 35 percent are either currently engaged in a project to do so, or plan to initiate a project within 18 months.
  - This shift is just beginning. The vast majority of organizations currently classify their IR automation/orchestration initiatives as being in early or immature stages. Only about one-third (32 percent) currently categorize their initiatives as being in a mature stage.
  - The reasons most often cited for the move to IR automation/orchestration include automated data collection (50 percent), reducing human error (49 percent), and improving analysts’ ability to triage incidents (47 percent).
- CISOs have robust plans for IR spending and process alignment in the next few years.
  - 91 percent of survey respondents said that their organization’s spending on incident response will increase over the next two years – 40 percent said that spending will increase significantly.
  - Zero respondents said spending would decrease.
  - 50 percent of organizations plan to improve the alignment of IR and IT governance processes.
  - 43 percent plan to test their IR processes more often.
  - 38 percent plan to hire more incident response personnel.
“People love the way Hollywood depicts cybersecurity – full of drama, excitement and masterminds on both sides. But in the real world, CEOs, CIOs and Board of Directors all want to keep cybersecurity simple, quiet and most of all, cheap,” said Chen Heffer, CISO for Douglas County, Colorado. “Human error is always going to be part of the cybersecurity equation, but working with automated tools that shorten the response time and negate most human errors is the real ROI of cyber security. It makes detection less scary, response much more efficient and investigation and recovery somewhat even fun.”
“The resources being dedicated towards incident response show that it’s a growing priority for organizations that are trying to find a solution for the challenges presented by rising alert volumes and the lack of skilled analysts to handle them,” said Eran Barak, CEO and co-founder of Hexadite. “While hiring more people – if you can find them – will help strengthen any security team, hiring is simply not enough to attack this challenge. Organizations are coming to the conclusion that they have to work smarter in order to win this battle, and that’s why so many of them are starting to look towards automation.”
To download the full report, “Security Orchestration and Automation: Closing the Gap in Incident Response,” visit https://www.hexadite.com/resource/security-orchestration-automation-closing-gap-incident-response.