A survey of 500 full-time security decision-makers and practitioners published today found that security teams are wasting time and resources normalizing data to store and analyze it in a separate platform instead of relying on the same data IT teams use to manage operations.
Conducted by CITE Research on behalf of Observe, a provider of an observability platform, the survey found that 45% of security teams must normalize between a quarter and half of the data they collect before it can be stored in, for example, a security information and event management (SIEM) platform.
Another 26% said half to three-quarters of the data they collect needs to be normalized, while 7% said more than three-quarters of the data they collect needs to be normalized.
Jack Coates, senior director of product management at Observe, said that level of data collection suggested cybersecurity teams are not working closely enough with the IT teams that are already using other platforms to normalize data, even though much of the data cybersecurity teams collect is the same logs, metrics and traces that IT teams already collect.
The reasons for the duplicate efforts might span everything from simple cultural disconnect to the IT teams not collecting the type of data that cybersecurity teams require, noted Coates.
Regardless of the reason, the platforms being used by IT teams to collect data can also serve the needs of cybersecurity teams and ultimately reduce costs by eliminating the need for a separate SIEM platform, he added.
Not surprisingly, the survey found 95% of organizations are, in some form, using a SIEM. In addition, survey respondents have also invested in tools such as Microsoft's Advanced Security Information Model (ASIM), the Open Cybersecurity Schema Framework (OCSF) backed by Amazon Web Services, and IBM QRadar to normalize data before storing it in a separate platform for analysis.
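To make concrete what the survey means by "normalizing" data, here is an added example (not code from Observe, CITE Research, or any of the vendors named above) that maps two constructed, differently shaped authentication logs, a Linux sshd syslog line and a JSON cloud-IAM audit event in a hypothetical vendor format, onto one common schema so a single query can run across both. The field names and numeric codes are modeled on the public OCSF Authentication event class (class_uid 3002, activity_id 1 for Logon, status_id 1/2 for Success/Failure) but should be treated as assumptions to check against the OCSF schema browser before use.

```python
"""Normalize heterogeneous authentication logs into one OCSF-style schema.

Added example; not from Observe, the survey, or any vendor. OCSF field
names and numeric codes below are assumptions to verify against the
published schema. All sample log lines are constructed for the demo.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample inputs: one Linux sshd syslog line and one JSON event
# in the shape a cloud IAM audit log might emit (hypothetical vendor format).
SYSLOG_LINE = ("Dec  6 14:43:06 bastion sshd[2121]: Failed password for alice "
               "from 203.0.113.7 port 51022 ssh2")
CLOUD_JSON = json.dumps({
    "eventTime": "2023-12-06T14:44:10Z",
    "eventName": "ConsoleLogin",
    "userIdentity": {"userName": "bob"},
    "sourceIPAddress": "198.51.100.9",
    "responseElements": {"ConsoleLogin": "Success"},
})

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def _ocsf_auth(time_ms, user, src_ip, success, product):
    """Build one OCSF-style Authentication event (field names assumed)."""
    return {
        "class_uid": 3002,                    # Authentication (assumed)
        "category_uid": 3,                    # Identity & Access Mgmt (assumed)
        "activity_id": 1,                     # Logon (assumed)
        "status_id": 1 if success else 2,     # Success / Failure (assumed)
        "severity_id": 1 if success else 3,   # Informational / Medium (illustrative)
        "time": time_ms,                      # epoch milliseconds, UTC
        "actor": {"user": {"name": user}},
        "src_endpoint": {"ip": src_ip},
        "metadata": {"product": {"name": product}},
    }


def normalize_sshd(line, year=2023):
    """Parse an sshd auth line. syslog carries no year, so the caller supplies it."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # unparseable lines are dropped rather than guessed
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    return _ocsf_auth(int(ts.timestamp() * 1000), m["user"], m["ip"],
                      m["outcome"] == "Accepted", "sshd")


def normalize_cloud(raw):
    """Parse the hypothetical cloud IAM JSON event; only logins are mapped."""
    ev = json.loads(raw)
    if ev.get("eventName") != "ConsoleLogin":
        return None
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    ts = ts.replace(tzinfo=timezone.utc)
    ok = ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
    return _ocsf_auth(int(ts.timestamp() * 1000), ev["userIdentity"]["userName"],
                      ev["sourceIPAddress"], ok, "cloud-iam")


def normalize_all(records):
    """records: iterable of (source, raw). Unknown sources are skipped."""
    handlers = {"sshd": normalize_sshd, "cloud": normalize_cloud}
    out = []
    for source, raw in records:
        ev = handlers.get(source, lambda _r: None)(raw)
        if ev is not None:
            out.append(ev)
    return out


def failed_logons_by_ip(events):
    """One detection query that works across sources once they share a schema."""
    counts = {}
    for ev in events:
        if ev["class_uid"] == 3002 and ev["status_id"] == 2:
            ip = ev["src_endpoint"]["ip"]
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    events = normalize_all([("sshd", SYSLOG_LINE), ("cloud", CLOUD_JSON)])
    print(json.dumps(events, indent=2))
    print(failed_logons_by_ip(events))
```

The point of the example is the shape of the work, not the two parsers: every additional source needs its own mapping, its own timestamp handling (note the missing year in syslog), and its own idea of what "failure" looks like, and that per-source mapping is the effort the survey respondents describe spending before any data reaches the SIEM. Once both sources land in the same schema, a query such as `failed_logons_by_ip` no longer needs to know where an event came from.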
The survey also found cybersecurity teams deploying their own host agent software for either security or observability purposes.
Each of these tools and platforms, in addition to being licensed, also needs to be integrated and maintained.
Collectively, that approach conspires to increase the total cost of cybersecurity at a time when many organizations are looking for ways to reduce costs without cutting back on hiring and retaining cybersecurity professionals, said Coates.
The report also noted that a hodgepodge of tools and platforms doesn't help streamline incident management.
Only 11% of respondents reported being able to stay within a single pane of glass to manage incidents, with 18% using six or more tools to investigate issues.
There's naturally a lot of interest these days in converging security and IT operations, mainly to enable cybersecurity teams to spend more time thwarting threats rather than managing infrastructure.
It's clear that much work needs to be done before both teams are working with a common set of data.
The data IT operations teams have access to in real time also has the added advantage of being more current than data that must first be collected and normalized before it can be analyzed.
That's especially critical when there is an incident and cybersecurity teams, as always, find themselves racing against the clock.
This Cyber News was published on securityboulevard.com. Publication date: Wed, 06 Dec 2023 14:43:06 +0000