Cloud

7/9/2020
05:46 PM
Dark Reading
Growing Security Alerts Driving Demand for Cloud SIEM Solutions in the SOC

New research from Sumo Logic reveals that managing the sheer volume of security alerts poses a significant problem for IT security professionals.

REDWOOD CITY, Calif., July 09, 2020 (GLOBE NEWSWIRE) -- Sumo Logic, a leader in continuous intelligence, today announced the findings of a global survey that highlight the barriers security professionals are facing on the path to modernizing the security operations center (SOC). The struggle to effectively manage high volumes of security alerts and the complexities associated with traditional SIEMs are driving the demand for a new approach to effectively address challenges in the SOC through cloud-native SIEMs combined with security automation capabilities.

“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue. To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts,” said Diane Hagglund, principal for Dimensional Research. “These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”

The "2020 State of SecOps and Automation" report, a study conducted by Dimensional Research on behalf of Sumo Logic, reveals that managing the sheer volume of security alerts poses a significant problem for IT security professionals. Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.

Key findings within the report include:

Security alert volumes create problems for security operations

  • 70% have more than doubled the volume of security alerts in the past five years
  • 99% report high volumes of alerts cause problems for IT security teams
  • 83% say their security staff experiences “alert fatigue”

Automation helps, but it is still a work in progress

  • 65% of teams with high levels of automation resolve most security alerts the same day, compared to only 34% of those with low levels of automation
  • 92% agree automation is the best solution for dealing with large volumes of alerts
  • 75% report they would need three or more additional security analysts to address all alerts the same day

Better technology is needed to manage security alert volumes

  • 88% face challenges with their current SIEM
  • 84% see many advantages in a cloud-native SIEM for cloud or hybrid environments
  • 99% would benefit from additional SIEM automation capabilities

“Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. There’s never been a more important time to ensure IT security operations are up to par,” said Greg Martin, general manager for the security business unit at Sumo Logic. “Companies need to adopt solutions that let them quickly identify, prioritize and respond to only the most critical warning signals, so that they’re not left drowning in alert overload with no direction. Our Cloud SIEM Enterprise solution fits this need and also offers rapid deployment, quick time-to-value, ease-of-use and a unified data model.”

Sumo Logic Cloud SIEM Enterprise is a cloud-native solution that addresses the challenges facing today’s modern SOC by automating the manual work for security analysts, saving them time and enabling them to be more effective by focusing on higher-value security functions. Sumo Logic Cloud SIEM Enterprise provides real-time insights and continuous intelligence SOC teams can use to quickly identify evidence of compromise and improve their ability to respond quickly by understanding the impact of an attack. This removes common technology limitations that burden a SOC's efficiency and ability to mitigate risk.

Download the full report here

Report methodology and demographics
The report was conducted via an online survey that was sent to an independent database of IT security professionals worldwide. In total, 427 qualified security individuals completed the survey. All participants had direct responsibility for security operations at an organization with a significant investment in a public cloud (IaaS) and at least 1,000 employees. Participants included a mix of job levels, regions, company sizes, number of security analysts, and industries.

About Sumo Logic
Sumo Logic is a leader in continuous intelligence, a new category of software, which enables organizations of all sizes to address the data challenges and opportunities presented by digital transformation, modern applications and cloud computing. The Sumo Logic Continuous Intelligence Platform™ automates the collection, ingestion and analysis of application, infrastructure, security and IoT data to derive actionable insights within seconds. More than 2,000 customers around the world rely on Sumo Logic to build, run and secure their modern applications and cloud infrastructures. Only Sumo Logic delivers its platform as a true, multi-tenant SaaS architecture, across multiple use-cases, enabling businesses to thrive in the Intelligence Economy.

Founded in 2010, Sumo Logic is a privately held company based in Redwood City, California, and is backed by Accel Partners, Battery Ventures, DFJ Growth, Franklin Templeton, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital, Sutter Hill Ventures and Tiger Global Management. For more information, visit www.sumologic.com.
