In The Boardroom With…
SecuritySolutionsWatch.com: Thanks for joining us, Matthias. We’re intrigued to hear more about the IDC research Splunk has sponsored on the current state of security, but before we do, can you tell us more about what Splunk provides to help organizations stay secure?
Matthias Maier: Today, every part of our lives and all customer interactions in the business world are becoming digital. Every click, every interaction and every process produces massive amounts of machine data which in turn provides a lot of insights. The Splunk platform helps organizations to make their machine data accessible, usable and valuable for everyone. This includes IT security teams who can use the Splunk platform to enable collaboration and implement best practices to address modern cyber threat challenges. With Splunk as a nerve center, security teams can leverage statistical, visual, behavioral and exploratory analytics to drive insights, decisions and actions. Beyond security, we help IT operations teams, marketing teams, compliance teams and line of business managers to gain insights.
SecuritySolutionsWatch.com: So why has Splunk worked with IDC to carry out this research into Security Operations?
Matthias Maier: Security teams work hard. They have to cope with a growing number of threats, increasingly complex IT environments and new digital business services that need to be protected, plus this is made more challenging by a lack of skills across the industry. We wanted to find out how this is currently impacting security teams. To do this, IDC spoke to IT security managers at 600 global organizations with over 500 employees to understand the current readiness of security, to find out where organizations are focusing their security efforts, and what is driving the need for security.
SecuritySolutionsWatch.com: What were the key findings that businesses should be aware of?
Matthias Maier: Organizations are constantly under attack and struggling to keep up. Firms experience an average of 40 actionable incidents per week, but only a quarter think they are coping comfortably with this workload, and a third describe themselves as “struggling” or “constantly firefighting.” Even more worrying is that despite the equivalent of one full-time resource per organization dealing with security incidents, less than half of security teams gather enough information about those incidents to enable appropriate or decisive action. The biggest time sink is routine operations such as incident investigation: this is constraining improvements in security.
You can read the full report, “Investigation or Exasperation? The State of Security Operations”, or check out this video of Duncan Brown from IDC talking through some of the key findings:
SecuritySolutionsWatch.com: What can security operations teams do to combat this?
Matthias Maier: IT security teams need to work more efficiently, speeding up and automating security investigations where possible in their daily operations across all the systems and services they own. Splunk is often engaged in this exercise and we often hear as a result that Splunk is the Swiss Army knife for security operations teams. But before finding the right solution, security professionals need to be aware of the current state of their own security maturity. Think about it – do you know how long your team is spending on security investigation?
To find out how you compare to your peers when it comes to incident response, visit IDC’s free Security Response Readiness Assessment Tool.
You can also join the upcoming Splunk webinar on June 20th to hear from guest Duncan Brown about how organizations are coping with an average of 40 actionable security incidents per week, and why an analytics-driven approach can help shorten investigation cycles and speed response.