2021 State of Security Operations by Forrester

Executive Summary

To stop modern attacks, organizations need more integration, more visibility and more automation — analysts are struggling underwater trying to keep up with the immense volume of alerts that they receive every day. Today, analysts note that they struggle to triage and investigate threats quickly, with manual processes slowing down alert triage for a striking 74% of the survey participants. Because teams face a deluge of security alerts — 11,047 alerts a day on average — many teams ignore low-priority alerts, leaving over a quarter of alerts completely untouched.

Worse yet, almost two-thirds of security teams still rely on legacy endpoint security solutions, like antivirus tools and endpoint protection platforms, which limit their ability to gather rich endpoint data for detection, investigation, and response. Security operations decision-makers recognize that they must further embrace automation to relieve their analysts and allow for more strategic work to be focused on, rather than the day-to-day tactical management. Many organizations have begun to enlist automation to assist with pieces of the security workflow, and are working to increase their level of automation over the next two years.

Palo Alto Networks commissioned Forrester Consulting to explore today’s cybersecurity challenges and opportunities. Forrester conducted an online survey with 418 global security operations decision-makers who have responsibility over detection and response purchasing to understand the state of current security operations. We found that while few organizations have reached SOC maturity, 70% of respondents have begun their automation journey and 44% expect to use more automation in the next one to two years.

KEY FINDINGS

  • ›  Security operations teams are still struggling to address the high volume of alerts. Less than half of decision-makers note that their organization is able to address most or all of the alerts they receive in a day. Teams struggle to quickly triage and investigate threats; and because they face a deluge of security alerts, many teams are forced to ignore low-priority alerts, leaving organizations vulnerable.
  • ›  Almost half of all firms report struggling to hire and retain qualified staff. Because so much of threat detection, investigation, and response is still done manually, security operations teams are dealing with high rates of analyst burnout. Many teams are beginning to automate pieces of their workflows to alleviate this.
  • ›  Nearlythree-quartersofdecision-makershavebeguntheirSOC automation journey. With full SOC automation being a long-term goal, 70% of surveyed organizations have begun their automation journey, and 44% expect to be using more automation in the next one to two years. Those who have adopted more automation report having a happier security operations team and a lower likelihood of technical challenges, such as poor visibility into security tools and a lack of tool integration.

[In Vietnamese]

Forrester đã đưa ra báo cáo The 2021 State of Security Operations, cung cấp một số thông tin chi tiết sâu về các xu hướng tự động hoá Trung tâm Giám sát và Vận hành ANTT (SOC), và cung cấp các bước khuyến nghị quan trọng để các lãnh đạo ANTT có thể áp dụng tức thì giúp nâng cao năng lực trưởng thành về ANTT trong thời gian gần.
 
Forrester đã thực hiện một khảo sát trực tuyến toàn cầu với 418 nhân sự chủ chốt ra quyết định về vận hành ANTT và chịu trách nhiệm về các quyết định trang bị năng lực về phát hiện và phản ứng sự cố để hiểu được toàn cảnh hiện trạng về vận hành ANTT hiện tại trên toàn cầu. Forrester đã phát hiện ra là dù vẫn có một số tổ chức có thể đạt được đến trạng thái trưởng thành về Giám sát và Vận hành ANTT, 70% phản hồi cho biết là đã vừa bắt đầu hành trình tự động hoá và 44% mong đợi sẽ sử dụng nhiều hơn về tự động hoá trong 1 đến 2 năm tới.
 
Một số phát hiện quan trọng từ khảo sát bao gồm:
 
– Đội ngũ vận hành ANTT vẫn đang vất vả giải quyết lượng cảnh bảo quá lớn
– Gần một nửa các tổ chức tham gia khảo sát vẫn đang vất vả trong việc tuyển dụng và giữ chân các nhân sự chất lượng
– Gần 3/4 các nhân sự chủ chốt ra quyết định đã bắt đầu thực hiện hành trình tự động hoá Trung tâm Giám sát và Vận hành ANTT (SOC) của mình
– Chỉ một vài tổ chức là tự-tin với khả năng bảo vệ trước các cuộc tấn công hiện nay
– Đội ngũ Vận hành ANTT (SecOps) phải đối mặt với trung bình 10,000 cảnh báo mỗi ngày

2021 Gartner Market Guide for Cloud Workload Protection Platforms

Workload protection must span virtual machines, containers and serverless workloads in public and private clouds. Security and risk management leaders should use this Market Guide to understand the need for protection that spans development and runtime and includes cloud security posture management.

Key Findings

This document was revised on 27 July 2021. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.
  • Most enterprises are purposefully using more than one public cloud infrastructure as a service (IaaS) platform, but still have on-premises workloads to protect.
  • With cloud-native applications, workload security must start proactively during development.
  • The cloud workload protection platform (CWPP) market is increasingly overlapping with the cloud security posture management (CSPM) market and “shifting left” into development to address the full life cycle of cloud-native application protection requirements.
  • Emerging approaches, such as the use of agentless CWPPs, appeal to buyers because of their ease of deployment.
  • Enterprises using endpoint protection platform (EPP) offerings designed to protect end-user devices for server workload protection are putting their data and applications at risk.

Recommendations

Security and risk management leaders responsible for infrastructure security should:
  • Implement a CWPP offering that protects workloads regardless of location, size, runtime duration or application architecture.
  • Secure workloads earlier by extending workload scanning and compliance efforts into development (DevSecOps), especially for container-based and serverless function platform as a service (PaaS)-based development and deployment.
  • Consolidate CWPP and CSPM strategies over the next 12 to 24 months to reduce costs and complexity and identify risks better.
  • Design for CWPP scenarios where runtime agents cannot be used or no longer make sense. Require CWPP and CSPM vendors to support agentless deployment options.

View Report

2021 Gartner Strategic Roadmap for SASE Convergence

Digitalization, work from anywhere and cloud-based computing have accelerated cloud-delivered SASE offerings to enable anywhere, anytime access from any device. Security and risk management leaders should build a migration plan from legacy perimeter and hardware-based offerings to a SASE model.

Key Findings

  • To protect anywhere, anytime access to digital capabilities, security must become software-defined and cloud-delivered, forcing changes in security architecture and vendor selection.
  • Perimeter-based approaches to securing anywhere, anytime access has resulted in a patchwork of vendors, policies, and consoles creating complexity for security administrators and users.
  • Enterprises that consider existing skill sets, vendors, and products and timing of hardware refresh cycles as migration factors will reduce their secure access service edge (SASE) adoption time frame by half.
  • Branch office transformation projects (including software-defined WAN [SD-WAN], MPLS offload, internet-only branch and associated cost savings) are increasingly part of the SASE project scope.
  • SASE is a pragmatic and compelling model that can be partially or fully implemented today.

Recommendations

Security and risk management leaders responsible for infrastructure security should develop a roadmap for the adoption of SASE capabilities and offerings:
Short term:
  • Deploy zero trust network access (ZTNA) to augment or replace legacy VPN for remote users, especially for high-risk use cases.
  • Inventory equipment and contracts to implement a multiyear phase out of on-premises perimeter and branch hardware in favor of cloud-based delivery of SASE capabilities.
  • Consolidate vendors and cut complexity and costs as contracts renew for secure web gateways (SWGs), cloud access security brokers (CASBs) and VPN. Leverage a converged market that emerges combining these security edge services.
  • Actively engage with initiatives for branch office transformation and MPLS offload in order to integrate cloud-based security edge services into the scope of project planning.
Longer term:
  • Consolidate SASE offerings to a single vendor or two explicitly partnered vendors.
  • Implement ZTNA for all users regardless of location, including when in the office or branch.
  • Choose SASE offerings that allow control of where inspection takes place, how traffic is routed, what is logged, and where logs are stored to meet privacy and compliance requirements.
  • Create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.

View Report

Information Systems Security Engineering Professional (CISSP-ISSEP) – Vietnamese Walk of Fame

1

Last Updated: 19-JUL-2021

All statistics are based upon personal verification. Please use it at your own risk for reference only. Total number may be different from public list of (ISC)² since it includes active, inactive, and suspended & also certification holders who are both local & overseas Vietnamese. If you are a Vietnamese (local & overseas) CISSP-ISSEP and your name is not in this list, or you claim for wrong information, pls help to contact me. Thank you so much.

• For (ISC)² Certification Verification, pls take reference from here: https://webportal.isc2.org/custom/CertificationVerification.aspx
• For (ISC)² Member Counts, pls take reference from here: https://www.isc2.org/member-counts.aspx

ID Name & Contact Date Certified
# DANG HUY THUAN – ĐẶNG HUY THUẬN
Current: IT Risk & Compliance Officer at MBBank (Hanoi, Vietnam)
contact info
16-APR-2021

©2021-2021 Philip Cao. All rights reserved. Please specify source when you copy or quote information from this website (Xin vui lòng trích dẫn nguồn khi bạn sao chép hay sử dụng lại thông tin từ website).

English
Exit mobile version