Most enterprises poor at measuring information security effectiveness

“Having real measurement processes and data gathering efforts in place are really important. It turns out these are not prevalent among the majority of organizations”, said Joe Gottlieb, president and chief executive of SenSage.

In addition, 53% of enterprises have little or no coordination among five critical security processes – log management, compliance reporting, real-time monitoring, forensic investigation, and incident response – the SenSage survey, The State of Security Information and Event Management Processes, found.

SenSage surveyed 375 attendees at the 2011 RSA Conference in San Francisco. This is the second year in a row that the company has conducted a survey at RSA.

More than a third of respondents said that they have no proactive efforts in place to improve the five critical information security processes or that their improvement efforts have been inconsistent.

“Organizations have challenges of finite staff and budgets coping with an ever-advancing threat landscape. In defense circles, they call this an asymmetric situation, where the attackers need to find only one vulnerability, and the defenders have to protect everything”, Gottlieb told Infosecurity. “Mainstream organizations are just doing the best they can with reactive triage”, he added.

Gottlieb explained reactive triage as follows: “When you have an incident happening, people try to deal with each other as best they can. But clearly there are no pre-arranged pieces of infrastructure, data sharing, or shared processes.”

As a result of this absence of coordination, measurement, and proactivity, 57% of organizations perceive their log management, compliance reporting, real-time monitoring, forensic investigation, and incident response processes to be ineffective or "somewhat effective" at best.

A full 52% of respondents said that they had encountered obstacles to data access and analysis while performing their security duties. Only 27% said that they had not encountered obstacles.

“This was a new question we asked, and we think it validates the need for greater data analysis in the security domain. People are just not getting the data they need”, Gottlieb said.

“The coordination and sharing of data can drive much more objective and thoughtful improvements to the security operations”, he concluded.
