Virtualization Technology News and Information
Observe Report Finds 84% of Organizations Combine IT and Security Operations Into Single Analytics Tool

Observe Inc. published the 2023 State of Security Observability report. Conducted by CITE Research, it examines the convergence of security and observability. The inaugural report surveyed 500 full-time security decision-makers and practitioners - 40% of whom were either CISOs or CSOs - to understand their current approach to security and how it intersects with observability.

Organizations have been using log data to identify known and unknown attacks since the beginning of the Internet, but each generational shift in data volume and velocity has broken legacy tooling. Security observability - which uses logs, metrics, and traces to infer risk, monitor threats, and alert on breaches - brings SecOps forward with an architecture that separates storage from compute. Ninety-nine percent of organizations said security observability was a priority. 

Notably, the report found that 84% of security professionals indicate their organization combines security and data operations into a single analytics tool. However, more than half of the security-relevant data that goes into observability systems needs to be transformed before it can be used. Nearly half (48%) of respondents are using Microsoft's ASIM for this purpose, followed by Amazon's OCSF (32%) and IBM's QRadar (28%), indicating that significant data manipulation is being done to fit the standards of cloud SIEM vendors. The inability to use data, and the inability to get relevant data into current monitoring tools, are the top challenges for organizations switching to a new observability tool in the coming year.

The majority of respondents (95%) say they are using a SIEM in some form. SIEM has been positioned as a content- and integration-rich entry point that gives access to dozens of rules and add-ons specific to the other products an organization runs. The reality is that each integration has versioning and configuration requirements, each rule only works with properly abstracted data, and each alert expects the customer to decide whether it is important or not. This requires continual maintenance from skilled users or costly professional services time.

The State of Security Observability report reveals that organizations clearly feel the need for knowledgeable teams that can hunt for unknown threats and respond - 73% of respondents said they have Incident Response (IR) teams and a Security Operations Center (SOC) in-house, and 95% use a SIEM (Security Incident and Event Manager). Product categories intended to replace the SIEM - such as SOAR, UEBA, and EDR - have not done so.

"Security observability borrows concepts from observability to enable security operations teams to understand risks and incidents in a more holistic way," said Jack Coates, Senior Director of Product Management at Observe. "This report shows that 99% of organizations are prioritizing security observability. Embracing this pivotal technique is imperative for security professionals, empowering organizations to discern nuanced interactions between systems and individuals over time. This approach enhances security efficacy while optimizing costs and elevating monitoring capabilities."

Other key findings from the State of Security Observability include:

  • Smaller organizations struggle with limited resources in the security tools market, hindering effective adoption. However, they avoid the hype-driven churn experienced by larger teams, opting for technology upgrades within their SIEM as cost-effective alternatives.
  • Cloud infrastructure doesn't provide sufficient operations or security observability on its own, so agents must be used. Host agents are used by 57% of organizations for observability and 51% for security, along with container agents (42% for observability and 44% for security) and sidecar agents (29% for observability and 28% for security).
  • Half of security incidents require escalation, and tool sprawl isn't helping. Only 11% of respondents report staying in a single pane of glass, with 18% using six or more tools to investigate issues.
  • Cloud conversion has crossed the halfway mark: 74% of organizations have built their current systems to be mostly or entirely cloud-native.

For more information, visit https://www.observeinc.com/resources/the-state-of-security-observability-2023 to access the full 2023 State of Security Observability report.

Published Wednesday, December 06, 2023 1:58 PM by David Marshall