Security Staffing Low in Midsized and Large Orgs

Written by

One of the greatest security challenges for midsized to large organizations is a function of staffing, according to research conducted by Osterman Research on behalf of ProtectWise and published in The Evolving State of Network Security.

Surveying 400 security analysts at companies with more than 1,000 employees, Osterman Research found that the number of security staff is not commensurate with the number of employees. On average, large organizations have only one security staff member for every 1,488 employees and smaller companies have only one security staff for every 189 employees.

To put that into context: The mean number of employees at the large organizations surveyed was nearly 26,000, with 17.5 of them being security personnel. The mean number of employees for midsized companies surveyed was 2,510, which translates to 13.3 security personnel.

According to the survey results, security teams are expected to significantly increase the number of hours they spend on security incidents, with the amount of time spent on identifying and remediating security incidents reportedly doubling for large organizations. However, the more mature companies that have invested in threat intelligence report fewer false positives and an overall reduction in the volume of their security alerts.

One tactic larger organizations are using to evolve in their overall security postures is becoming less reliant on endpoint security, the survey found. “Larger organizations have more sophisticated strategies that focus heavily on forensics and investigation, which are primarily centered around network communication,” said Gene Stevens, co-founder and CTO of ProtectWise.

“Larger organizations have larger attack surfaces than their midsize and smaller counterparts. Their security teams need to be able to see the numerous phases of an attack and how devices communicate with each other. Network visibility provides a straight path and is friendly to being deployed noninvasively.”

Overall, the survey suggests that larger enterprises are continuing to evolve their security strategies. The takeaway is that an endpoint-only strategy just doesn’t work for larger or more complex infrastructures, and security teams are understanding that,” Stevens said.

More than half of the analysts surveyed are using a combined endpoint and network security approach. Said Stevens, "This means they are not only establishing complete visibility but can also investigate and respond more efficiently. Specifically, endpoint detection and response (EDR) is being matched to network detection and response (NDR) and, for many organizations, a managed detection and response (MDR). These three pillars provide great coverage, strength in detection, and promote operational efficiency.”

What’s hot on Infosecurity Magazine?