What Cybersecurity Practices and Strategies Enterprises Are Focused On
July 19, 2019 • The Recorded Future Team
What’s everyone else up to in the security world?
Gaining a better understanding of how peers are routinely applying security practices, where they’re finding success, and what they’re struggling with can help you identify gaps in your own security posture. That’s why we’re taking a close look at CyberEdge’s “2019 Cyberthreat Defense Report.”
Last time, we looked at how enterprises are currently allocating their security budgets, in which CyberEdge concluded that security solutions relying on machine learning and artificial intelligence (such as true threat intelligence) were worthwhile investments to make.
Here, we’ll examine CyberEdge’s research on the security practices and strategies organizations are employing today, and how they’re employing them, looking at some facts and figures on the implementation of threat intelligence solutions, SOARs, SIEMs, and MSSPs.
SSL/TLS Inspection Practices
Only 4.2% of organizations lack the ability to decrypt SSL/TLS-encrypted traffic so that it can be inspected for cyber threats.
Leading approaches for accomplishing decryption are:
- Relying primarily on individual security products to do it on their own: 26.0%
- Relying primarily on standalone, decryption-offload appliances: 28.7%
- Using a combination of both techniques: 41.1%
The need for SSL/TLS decryption efficiency and centralization is sure to increase as both the percentage and net volume of encrypted traffic rise across physical, virtual, and cloud environments. Consequently, capacity, scalability, and overall performance will continue to be critical criteria for evaluating candidate solutions in this area.
Threat Intelligence Solution Practices
Key reasons why organizations choose to integrate threat intelligence solutions into their existing security infrastructures are:
- Improving the ability to detect cyber threats: 53.7%
- Improving the ability to validate security alerts: 52.9%
- Improving the ability to prioritize responses to security alerts: 43.3%
A threat intelligence solution provides security teams with a richer body of intelligence to draw from, as well as automation capabilities for putting it to use. It’s natural, then, that organizations are also starting to invest in threat intelligence gateways, which focus on the immediate application of threat intelligence.
Security Analytics Practices
Here’s how organizations are approaching adding security analytics into the cyber threat defense portfolio:
- Complementing an existing SIEM with a separate security analytics product: 29.4%
- Relying on the existing SIEM vendor to add security analytics capabilities into their product: 28.3%
- Replacing the existing SIEM with a new product that combines SIEM and analytics: 24.1%
- Engaging an MSSP to deliver security analytics capabilities as a component of its managed service offering: 18.2%
Security analytics solutions are key for helping security teams cut through noise by applying algorithms and analysis to large amounts of security data. The result is a prioritized view into what matters most from a threat or risk perspective, allowing security operations personnel to further investigate findings and reach their own conclusions.
Security Orchestration, Automation, and Response Practices
Here’s how organizations are primarily using security orchestration, automation, and response technology:
- Accelerate or improve collection of security events and related data: 44.4%
- Accelerate or improve investigation and validation of security events: 42.1%
- Accelerate or improve prioritization of confirmed incidents: 38.7%
- Automate incident triage and response activities: 29.0%
One of the biggest factors keeping security teams from adequately defending their organizations from cyber threats is the lack of skilled personnel — a pervasive issue for several years now, and likely to continue into the immediate future. This has created the need for organizations to find other ways to enhance efficiency and productivity. SOAR solutions are well suited to this, being designed to bring automation, speed, and accuracy to the security operations landscape. They can be used to integrate disparate policy enforcement infrastructure, handle playbook coding and execution, and more.
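To make the two ideas above concrete (threat intelligence used to validate and prioritize alerts, and a SOAR playbook that automates triage), here is a small added example. It is not code from the Recorded Future post or from CyberEdge's report, and it does not model any particular product. The threat intelligence feed, the alerts, the scoring thresholds, and the action names are all constructed for illustration; the IP addresses come from the reserved documentation ranges and are not real indicators.

```python
"""Added example: a minimal SOAR-style triage playbook.

Collect -> validate against threat intelligence -> prioritize -> choose an action.
All indicators, alerts, thresholds and action names are constructed placeholders.
"""

from dataclasses import dataclass, field

# Constructed threat-intelligence feed: indicator -> (confidence 0-100, context tags).
# Documentation-range IPs and an example.* domain; none of these are real IoCs.
THREAT_INTEL = {
    "198.51.100.23": (90, ["c2", "known-malware-family"]),
    "203.0.113.77": (40, ["scanner"]),
    "bad-updates.example": (75, ["phishing"]),
}


@dataclass
class Alert:
    alert_id: str
    source: str              # sensor that raised it: ids, proxy, edr, ...
    indicator: str           # IP or domain observed in the event
    asset_criticality: int   # 1 (low) .. 5 (business-critical asset)
    matches: list = field(default_factory=list)  # attached intel hits
    score: int = 0
    action: str = "close"


def enrich(alert, intel=THREAT_INTEL):
    """Validation step: attach any matching intelligence to the alert."""
    hit = intel.get(alert.indicator)
    if hit is not None:
        confidence, tags = hit
        alert.matches.append({"confidence": confidence, "tags": tags})
    return alert


def prioritize(alert):
    """Score = highest matching TI confidence, weighted by asset criticality.

    An alert with no corroborating intelligence is treated as unvalidated
    and closed; everything else is bucketed into a response action.
    """
    if not alert.matches:
        alert.score = 0
        alert.action = "close"
        return alert
    confidence = max(m["confidence"] for m in alert.matches)
    alert.score = confidence * alert.asset_criticality
    if alert.score >= 300:          # constructed thresholds
        alert.action = "isolate-and-escalate"
    elif alert.score >= 100:
        alert.action = "open-ticket"
    else:
        alert.action = "monitor"
    return alert


def run_playbook(alerts, intel=THREAT_INTEL):
    """Run collect -> validate -> prioritize and return alerts by descending priority."""
    processed = [prioritize(enrich(a, intel)) for a in alerts]
    return sorted(processed, key=lambda a: a.score, reverse=True)


# Constructed sample alerts as a sensor pipeline might deliver them.
SAMPLE_ALERTS = [
    Alert("A-1", "proxy", "bad-updates.example", 2),
    Alert("A-2", "ids", "198.51.100.23", 5),
    Alert("A-3", "edr", "192.0.2.10", 3),
    Alert("A-4", "ids", "203.0.113.77", 1),
]

if __name__ == "__main__":
    for a in run_playbook(SAMPLE_ALERTS):
        print(f"{a.alert_id} score={a.score:4d} action={a.action}")
```

Running the block prints A-2 first (a high-confidence indicator on a critical asset), then A-1, A-4, and finally A-3, which had no intelligence match and is closed. The design choice worth noting is that the score combines indicator confidence with asset criticality rather than either alone, which is what lets the playbook prioritize responses instead of merely flagging hits.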
Use of Managed Security Service Providers
90% of organizations are turning to MSSPs to pick up the slack when it comes to security. Security duties that organizations are looking to offload include vulnerability scanning (38.3%), event analysis and reporting (37.6%), and DDoS mitigation (37.5%).
The challenges and workloads of enterprise security teams will continue to grow. There’s no shortage of threats, plus there’s a pressing need to account for an ever-expanding technology footprint. With so many objectives to balance, it makes sense that most organizations are offloading some security tasks to MSSPs.
To look more closely at CyberEdge’s research on the security practices and strategies of organizations today, download the “2019 Cyberthreat Defense Report.” And for more information on how to leverage effective threat intelligence to improve your security posture, request a personalized demo of Recorded Future.