(Security) Investigation or Exasperation?

Security teams work hard. They have to cope with a growing number of threats and increasingly complex IT environments, a challenge made harder by an industry-wide shortage of employees with security skills. To find out how this is impacting security teams, we commissioned IDC to carry out some research into Security Operations. They found that organizations are constantly under attack and struggling to keep up.

Investigating security incidents is time consuming:

Firms experience an average of 40 actionable incidents per week, rising to 77 for finance and 124 for telco. Only a quarter think they are coping comfortably with this workload, and a third describe themselves as “struggling” or “constantly firefighting.” Even more worrying, despite the equivalent of one full-time resource per organization dealing with security incidents, fewer than half of security teams gather enough information about those incidents to enable appropriate or decisive action.

Read the full IDC InfoBrief, Investigation or Exasperation? The State of Security Operations, sponsored by Splunk, May 2017 or check out this video of Duncan Brown, Associate Vice President, European Security Practice from IDC talking through some of the key findings:

Think about it - do you know how long your team is spending on security investigation? To find out how you compare to your peers when it comes to incident response, visit IDC's Security Response Readiness Assessment. Spend a few minutes answering the questions and IDC will send you a personalised report showing where you stack up against other organizations and highlighting how you can improve your response readiness.

You can also join our webinar on June 20th to hear from guest speaker Duncan Brown about how organizations are coping with growing volumes of security incidents and why an analytics-driven approach can help make security investigation more efficient and effective, reducing costs and improving security posture.

It’s time to change how we approach incident response, and the first step is to properly assess where we are right now.



Matthias Maier is Product Marketing Director at Splunk, as well as a technical evangelist in EMEA, responsible for communicating Splunk's go-to market strategy in the region. He works closely with customers to help them understand how machine data reveals new insights across application delivery, business analytics, IT operations, Internet of Things, and security and compliance. Matthias has a particular interest and expertise in security, and is the author of the Splunk App for IP Reputation. Previously, Matthias worked at TIBCO LogLogic and McAfee as a senior technical consultant. He is also a regular speaker at conferences on a range of enterprise technology topics.