Command Zero published a research report highlighting the top challenges in cyber investigations, along with recommendations for security operations leaders. The interview-based report revealed that 88% of security leaders expressed concerns about operational issues related to the lack of skilled staff and high attrition rates. 92% of respondents reported a lack of standardized processes for cyber investigations while 72% admitted to having blind spots for non-security data sources.
Command Zero is the industry’s first autonomous and user-led cyber investigation platform. To better understand the current state of investigations, the Command Zero team conducted 352 interviews over 24 months with security professionals including CISOs, security VPs, directors, managers, incident handlers and responders, legal counselors, and risk leaders. Respondents came from organizations of diverse sizes, verticals and geographies.
The research report covers three top challenges for security operations:
- The universal talent gap in cyber hinders the ability to run investigations. 88% of respondents expressed concerns about operational issues related to the lack of skilled staff and high attrition rates. Lack of cloud security skills and visibility across the stack were also shared challenges.
- Current SecOps tools are hard to operate and hard to investigate with. Respondents confirmed high operational costs for running SIEM, SOAR and EDR solutions. Blind spots for critical SaaS applications and non-security data sources were also common.
- Investigations lack consistency, documentation and auditability. A lack of standardized collaboration during cyber investigations, overly complex regulatory requirements and scope creep hinder analyses and response. The average organization lacks programmatic ways to incorporate learnings from past investigations.
“These findings shouldn’t come as a surprise to cyber leaders”, said Joe Albaugh, SVP, CISO at NRG Energy. “Understanding the challenges around cyber investigations and building the right processes will improve mean time to understand, respond and remediate. This is the only viable path to fewer breaches and reduced impact for incidents.”
The report also states Command Zero’s perspective on the findings and gives actionable recommendations for SecOps leaders. These recommendations include standardizing the investigation process, abstracting access to data, using automation for time-intensive tasks such as creating timelines and reports, and improving collaboration and communication across teams.
“Cyber investigations are where the rubber meets the road: Security operations teams need to come to a verdict for the hardest, most complex high priority cases. This research confirms the top challenges security leaders face today, and where CISOs can make a meaningful impact,” said Dov Yoran, cofounder and CEO at Command Zero. “Despite improvements in other aspects of SecOps, investigations remain ad-hoc processes, lacking consistency and auditability. Clearly, we need to address increasing challenges with infrastructure complexity, the universal talent gap, higher regulatory and compliance requirements. Using expert platforms, AI and automation will help overcome the challenges identified by this research. We hope the findings and recommendations in this report help guide improvements in security operations.”