Manual processes represent a major incident response bottleneck at enterprise organizations. Here are a few alarming data points from some recent ESG research (note: I am an ESG employee):
1. 27% of enterprise organizations (i.e. those with more than 1,000 employees) spend at least 50% of their incident response time on manual processes like filling out paper work, finding a particular person, physically viewing multiple security management tools, etc.
2. 93% of organizations believe that their incident response efficiency and effectiveness is limited by the time and effort required for manual processes.
As if this wasn’t bad enough, IR process issues are exacerbated by a few other challenges:
- 33% of cybersecurity professionals find it difficult to coordinate incident response activities between cybersecurity and IT operations groups.
- 28% of cybersecurity professionals say it is difficult to maintain the right IR skills.
- 26% of cybersecurity professionals report challenges associated with integration of various security tools and controls.
Okay now put all of these issues together. Large enterprises are experiencing an unprecedented level of cyber-attacks on a daily basis. Unfortunately, many are defending their most valuable digital assets with subpar skills, limited technology integration, a lack of coordination across IT groups, and oh yeah – a host of manual processes.
Holy cow! Does anyone still wonder why there are so many data breaches?
The supply side of the IR equation is well aware of this situation and has been especially active in the IR automation/orchestration space. This year alone:
1. FireEye purchased Invotas.
2. IBM acquired Resilient Systems.
3. ServiceNow announced a new service to merge incident response with ITSM.
4. Phantom Cyber announced a platform for security automation and orchestration.
5. Splunk announced its adaptive response initiative.
One look at the ESG data cited above reveals why the cybersecurity industry is moving toward IR automation and orchestration so quickly. Even sophisticated enterprise organizations find themselves mired in an unproductive stew of manual processes, limited skills, and disconnected security technologies. Given this, IR automation and orchestration may be just what’s needed.
CISOs must identify and fix the bottlenecks in the IR processes as soon as possible if they are to have a fighting chance at cybersecurity defense. Industry leaders recognize this need and are moving as quickly as they can to bridge the gap.