Security Roundup: Going Rogue, SentinelOne, Exabeam, Kaspersky, Sophos
… act as consultants when supplying solutions for their customers, Mackie said.
“We’ve seen a substantive increase in the number of opportunities (upward of 30%) and the amount of times we win over both legacy technologies, as well as even now some of the other next-gen players,” he said. “Because of conditions in the marketplace (consolidation/acquisitions, margin control, poor partner programs) from some of our competition, combined with things we are doing right … we feel the timing is good for SentinelOne as partners are looking for a viable manufacturer to partner with.”
Report: Staffing, Security Alerts Pain Points for SOCs
Exabeam’s 2019 State of the Security Operations Center (SOC) report shows staffing remains an issue, as do processes like reporting and documentation, along with alert fatigue and false positives.
Key findings include:
- A third of respondents feel their SOC is understaffed by as many as six to 10 employees.
- The importance of soft skills, like communication, is growing: nearly two-thirds (65 percent) of respondents say personal and social skills play a critical role in the success of a SOC, and employees’ actual abilities in these areas are also improving.
- Hard skills have increased in importance: Threat hunting is up seven points to 69 percent, while data loss prevention jumped eight points to 75 percent.
Steve Moore, chief security strategist at Exabeam, tells us solving primary pain points for CIOs/CISOs and SOCs is a major opportunity for MSSPs and other cybersecurity providers.
“Specifically, 27% of respondents felt their top pain point was alert fatigue,” he said. “Additionally, false-positives and time spent on reporting/documentation are significant pain points for respondents, accumulating 24% and 33% of respondents, respectively. Additionally, the survey revealed that the lack of environmental visibility in the form of too few logs is also an issue.”
Managed security information and event management (SIEM) deployments, especially those with machine-learning-based behavior analytics features, can help greatly reduce these issues through automation, specifically timeline creation, which will decrease alert fatigue, save time and prioritize work, Moore said.
Nearly half of understaffed SOCs indicated they don’t have sufficient funding for technology, while respondents from larger SOCs said that, despite recent or increased funding for technology, they recommend continued investment in newer, more modern technologies (39 percent), according to Exabeam.
The survey also revealed that nearly half of SOC respondents continue to outsource business activities; malware analysis, threat analysis and threat intelligence are the most frequently outsourced functions. Conversely, SOCs are choosing to tackle event and data monitoring internally.
When technology investments are made, big-data analytics (39 percent) and user and entity behavior analytics (UEBA) (22 percent) remained strong, while AI (23 percent) and machine learning (21 percent) made gains in usage rates. In medium and smaller SOCs, use of technologies like AI and biometric authentication and access management also jumped.
“The perception of performance is skewed from the data supporting performance,” Moore said. “Generally, SOC effectiveness is unchanged, but the perception of auto-remediation effectiveness has declined in aggregate. The problem of inexperienced staff is …