July 19, 2019 • The Recorded Future Team
What’s everyone else up to in the security world?
Gaining a better understanding of how peers are routinely applying security practices, where they’re finding success, and what they’re struggling with can help you identify gaps in your own security posture. That’s why we’re taking a close look at CyberEdge’s “2019 Cyberthreat Defense Report.”
Last time, we looked at how enterprises are currently allocating their security budgets. In that analysis, CyberEdge concluded that security solutions relying on machine learning and artificial intelligence (such as true threat intelligence) were worthwhile investments to make.
Here, we’ll examine CyberEdge’s research on the security practices and strategies organizations are employing today, and how they’re employing them, looking at some facts and figures on the implementation of threat intelligence solutions, SOARs, SIEMs, and MSSPs.
Only 4.2% of organizations lack the ability to decrypt SSL/TLS-encrypted traffic so that it can be inspected for cyber threats.
Leading approaches for accomplishing decryption are:
The need for SSL/TLS decryption efficiency and centralization is sure to increase as both the percentage and net volume of encrypted traffic rise across physical, virtual, and cloud environments. Consequently, capacity, scalability, and overall performance will continue to be critical criteria for evaluating candidate solutions in this area.
Key reasons why organizations choose to integrate threat intelligence solutions into their existing security infrastructures are:
A threat intelligence solution provides security teams with a richer body of intelligence to draw from, as well as automation capabilities for putting it to use. It’s natural, then, that organizations are also starting to invest in threat intelligence gateways, which focus on the immediate application of threat intelligence.
Here’s how organizations are approaching adding security analytics into the cyber threat defense portfolio:
Security analytics solutions are key for helping security teams cut through noise by applying algorithms and analysis to large amounts of security data. The result is a prioritized view into what matters most from a threat or risk perspective, allowing security operations personnel to further investigate findings and reach their own conclusions.
Here’s how organizations are primarily using security orchestration, automation, and response technology:
One of the biggest inhibitors keeping security teams from adequately defending their organizations against cyber threats is the lack of skilled personnel, a pervasive issue for several years now and one likely to continue into the immediate future. This has created the need for organizations to find other ways to enhance efficiency and productivity. SOAR solutions are very good at this: they are designed to bring automation, speed, and accuracy to the security operations landscape. They can be used to integrate disparate policy enforcement infrastructure, handle playbook coding and execution, and more.
90% of organizations are turning to MSSPs to pick up the slack when it comes to security. Security duties that organizations are looking to offload include vulnerability scanning (38.3%), event analysis and reporting (37.6%), and DDoS mitigation (37.5%).
The challenges and workloads of enterprise security teams will continue to grow. There’s no shortage of threats, plus there’s a pressing need to account for an ever-expanding technology footprint. With so many objectives to balance, it makes sense that most organizations are offloading some security tasks to MSSPs.
To look more closely at CyberEdge’s research on the security practices and strategies of organizations today, download the “2019 Cyberthreat Defense Report.” And for more information on how to leverage effective threat intelligence to improve your security posture, request a personalized demo of Recorded Future.