Five cyber threat challenges

That being the case, does the threat detection and response process run as efficiently as the production of Swiss watches? Far from it. According to an ESG report, the threat detection and response process is full of all sorts of problems. Based on data from 372 enterprise network security and IT experts, here are the five challenges encountered in threat detection and response:
36% of respondents believe that the corporate network security team spends a lot of time dealing with urgent issues rather than on strategy and process improvement. In other words, the Security Operations Center team is only treating symptoms rather than getting at the root of the problem: an endless loop that produces fatigue but no effective results.
30% of respondents believe that their company has been adding networks, cloud hosting, applications and users at a pace that makes it difficult for the network security team to keep up with the infrastructure. This is also the problem of a growing attack surface, which has to be considered. As more and more organizations move operations to the cloud, use SaaS applications and deploy IoT equipment, an expanding attack surface is the trend.
30% of respondents believe that their network has one or several "blind spots." As the saying goes, "You cannot manage what you cannot quantify." In network security, we cannot use numbers to measure threat detection and response.
26% of respondents believe that threat detection and response has to be performed manually, which prevents them from keeping up.
24% of respondents believe their organization does not have good threat intelligence tools for comparing internal and external security events, and so does not understand the tactics, techniques and procedures (TTPs) used by network adversaries. We do not even know who we are up against, how they operate, or why. Enterprises should take this as a warning rather than fear it.

"Security is a process"
The current situation is not optimistic, and all enterprises should attach great importance to these problems. There are indeed many technical issues, such as security monitoring and threat intelligence analysis, but as the information security expert Bruce Schneier said, "Security is a process, not a product." It takes skill, but even more it takes investment.
Chief information security officers at home should heed Bruce's advice and evaluate their current threat detection and response processes. The data above shows that manual work is indeed a problem. But are there other issues as well? For example, is the process streamlined and documented? Does it follow best-practice guidelines (such as the NIST incident handling guidelines)? Are there operating manuals to accompany the work? Is there a process for continuously improving automation?
These assessments reflect the needs of both people and technology, and addressing the needs of the threat detection and response process is a good starting point. This is a key business area, and the Chief Information Security Officer should make sure executive management and the board of directors understand the need to improve threat detection and response, along with the changes and metrics involved.


Origin blog.51cto.com/14530594/2439999