Forrester Study: The 2020 State of Security Operations

In February 2020, Palo Alto Networks commissioned Forrester Consulting to conduct a study, The State of Security Operations, surveying 315 security operations decision-makers from around the world to understand their challenges, investment priorities and opportunities. We’ve compiled the top-line results in an interactive infographic – check out how your own security operations measure up!

The 2020 State of Security Operations study from Forrester Consulting finds that enterprise security teams around the world continue to struggle with the growing pace, volume and sophistication of cyberattacks. The commissioned survey of over 300 enterprise security operations professionals reveals that only 46% of enterprises are satisfied with their ability to detect cybersecurity threats. Since the COVID-19 crisis began, the rate of attacks has soared. One FBI spokesperson was quoted as saying that cybersecurity complaints to the Bureau’s Internet Crime Complaint Center have spiked by 200-300% since the pandemic began. In this three-part blog series, we’ll explore critical insights from the Forrester Consulting study, including:

• The challenges facing today’s modern SOC.
• The impact of those challenges on business outcomes.
• Opportunities and best practices for optimizing your SOC.

Every Business Is Vulnerable to a Cyberattack  

Despite all their resources, a number of industry-leading global companies have fallen victim to high-profile cyberattacks in 2020. According to the Forrester survey, a whopping 79% of enterprises have experienced a cyber breach in the past year, and nearly 50% in the past six months. This is despite the fact that most organizations have an internal security operations center (SOC) or some form of 24x7 coverage. 

Cyberattackers are relentless and getting more sophisticated by the day. Businesses are under constant attack, with the average security operations team receiving over 11,000 security alerts daily. Hamstrung by siloed applications and manual processes, the report finds that a majority of organizations are unable to address most or all of the security alerts they receive in a single day. Alarmingly, 28% of alerts are simply never addressed.   

The net result is that security analysts are drowning in alerts, which is having a profound impact on their health, wellness and overall job satisfaction. This reactive approach to cybersecurity also has decision makers frustrated and dissatisfied. With Forrester Research estimating the cost of an average data breach at as much as $7 million per incident, a more proactive approach is needed to quickly prevent, identify and address cyber threats. 

Security Teams Face Significant Resource and Technology Challenges

Security analysts are understandably frustrated that they are spending so much time chasing false leads and performing manual processes. They are working longer hours, taking on more responsibility and increasingly under more pressure to protect the business. Despite their efforts, security operations teams are unable to hit key metrics like mean time to investigate, number of incidents handled, mean time to respond, threat score and number of alerts. Less than 50% of teams report that they meet these metrics most of the time. Based on the survey, Forrester Consulting found two key reasons for this disconnect:

Resource gaps: IT decision makers say finding and keeping experienced security operations staff and enough analysts to support the workload is a major challenge. 

Technology gaps: SecOps teams use an average of over 10 different categories of security tools, including firewalls, email security, endpoint security, threat intelligence, vulnerability management and more. But these tools are typically siloed, and implementation tends to be poor.

This wide range of tools that enterprises invest in to combat security threats creates a number of problems, including:

• Difficulty hiring, training and retaining employees who are adept at using the full security technology stack.
• Too many low-priority alerts that obscure visibility into the real threats and leave security analysts with little time for threat hunting and process improvement.
• Siloed workflows that add complexity and time to security processes.

The Modern SOC Requires Automation and Visibility

According to the report findings, only 13% of the surveyed organizations are leveraging the value of automation and machine learning to triage, analyze and respond to threats. On the flip side, sophisticated cyberattackers are rapidly developing new ways to use these same tools to scale the scope and impact of their operations. 

Forrester Consulting says there are opportunities and solutions businesses can take advantage of to increase control and visibility across the infrastructure. For example, an extended detection and response (XDR) solution can help with analyst fatigue, tool inefficiency and overall security outcomes by:

• Improving visibility with unifying technology that seamlessly integrates telemetry from multiple sources.
• Leveraging security analytics capabilities such as machine learning to surface stealthy attack techniques
• Automating root cause analysis.

To learn more, download the full Forrester Consulting report: The 2020 State of Security Operations. And watch for our second blog in this series, where we’ll take a deeper dive into the challenges facing today’s modern SOC.