To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand the common practices, prioritization, and preferences of the organization today in protecting themselves from breaches.
Security executives face significant challenges when confronting the evolving threat landscape.
- What type of attacks pose the greatest risk, and what security products would best address them?
- Is it better to build a strong team in-house, outsource the entire security operation, or search for a sweet spot between the two?
- What type and level of automation should be introduced into the breach protection workflows?
The State of Breach Protection 2020 survey provides insights into these questions and others.
Here are a few of the insights the survey unveils:
1) Lack of consolidation is a protection inhibitor — Organizations that currently deploy advanced security products report that maintaining a multi-product security stack (especially in advanced security product groups) is the main obstacle in reaching the desired protection.
2) Most organizations are prioritizing advanced protection projects in 2020 — The majority of organizations that currently deploy a basic security stack of AV, firewall, and email protection plan to add EDR/EPP, Network Traffic Analysis, or SIEM and are planning to do so in 2020.
3) Deployment is the Achilles heel of endpoint protection — Only a small portion of organizations reported on deploying EDR/EPP on more than 85% of their endpoints with no deployment or maintenance issues. Because in many cases, EPP/EDR is regarded as the main mean against advanced attacks, this is an alarming figure.
4) Advanced threat protection still involves a high volume of attended alerts — All organizations that deploy SIEM, EDR/EPP, Network Traffic Analysis, UEBA, or Deception products state that over 25% percent of alerts are left unattended on a daily basis.
5) Response orchestration beats automation — While a significant number of the organizations we polled orchestrate their IR operations from a centralized interface, only a small portion introduce automation to their remediation workflows.
6) Organizations have mixed feelings regarding security outsourcing — While the security skills gap compels organizations to outsource the more advanced portion of their security operations, there is still a strong inclination to keep things in-house, especially in regard to active attack remediation in their environment.
The State of Breach Protection 2020 survey crowdsources the wisdom of numerous security professionals and decision-makers, enabling CISOs to make better informed and data-driven decisions, by zooming out to see the wide perspective of breach protection's best practices and major trends.
Download The State of Breach Protection 2020 survey report here.