Red Canary: 87% of Orgs Hit by Undetected, Unprepared-For Cyber-Threats

MDR services provider Red Canary released a new report – Security Operations Trends – in which it provided new insight into the critical challenges facing modern cybersecurity teams. Red Canary partnered with independent research company Coleman Parkes, surveying 700 security leaders from the U.S., U.K., New Zealand, Australia and the Nordics.

Findings showed that traditional SOC approaches are increasingly unsustainable in addressing modern threats. In the past year alone, 87 percent of organizations experienced security incidents that they were unable to detect and neutralize, leading to data compromise, outages, fines, audit failures and reputational damage.

Of note:

  • 73 percent noted that their attack surface widened by 77 percent in the past two years, with 64 percent struggling with knowledge gaps in securing new technology.
  • 62 percent indicated that AI adoption has made security more difficult, while all respondents face cloud security challenges.
  • 77 percent noted that adversaries are moving through intrusion chains more quickly, while 85 percent admit that their detection deficit (time between detection and resolution) stayed the same or worsened over the past year.
  • On average, security teams employed over 90 security tools, with 60 percent reporting “too much noise and too many security alerts” to effectively manage them. As a result, teams overall spent 2X as much time on operational tasks as on cyber readiness.
  • 83 percent said that hiring and retaining skilled security professionals continues to be increasingly difficult, with 62 percent facing high employee churn due to overwork and stress.

“Expecting cybersecurity teams to understand every new risk has always been a challenge in the industry,” said Brian Beyer, the CEO and co-founder of Red Canary. “Why would we expect that to change now, especially when the threat landscape is evolving faster than ever? It’s simply unrealistic. The scale of risks facing the business today is unprecedented, and traditional security approaches are failing. For too long, companies have tried to tackle this escalating problem by throwing more money, tools and people at it. But with technology advancing at breakneck speed for both defenders and adversaries, cybersecurity teams are drowning, unable to keep up. It’s time for a new approach—one that involves strategic partnership and expert detection engineering to truly alleviate the burden and build defenses that actually work.”

While 78 percent of security leaders believe that a more intelligence-led security program equipped with real-time insight would help them to focus on the most critical issues faster, 66 percent see the process of turning threat intelligence into actionable steps as difficult and time-consuming. This leaves many teams stuck in reactive mode, unable to effectively address risks before they escalate.

Key challenges included:

  • Budgets: 63 percent of security leaders saw a budget increase in the past year, but only 37 percent feel it is adequate to secure their business. This issue is compounded as 62 percent say that continued investment in developer speed is putting their business at risk.
  • Compliance: 46 percent said that they have been too busy managing audits and ensuring regulatory compliance, with little time to focus on security training.
  • Security as an Afterthought: 63 percent indicated that their security team is often brought in too late, acting as the “clean-up crew” rather than helping from the start.

Red Canary noted that these issues are prompting a shift in how SOCs are managed, with more organizations adopting a hybrid model of SecOps. By partnering with managed services, businesses can expand their teams and close the gaps in skills and expertise. On average, security teams are now 40 percent in-house / 60 percent outsourced.

“This survey found that nearly 80 percent of threats come from commonly used technologies, which is both astounding and so unnecessary,” said Beyer. “Protecting the entire enterprise is becoming more complex, and simultaneously, their budgets remain fixed with limited resources. Security teams have more data than ever, but they need help sorting through it to understand how attackers operate and improve their security. That’s where a trusted partner can help.”

Research was conducted by Coleman Parkes as an online survey of individuals with decision-making responsibility on data tooling for cybersecurity solutions. Coleman Parkes surveyed 300 respondents in the U.S., 200 in the U.K., 100 in Australia and 100 in the Nordics from a cross-section of organizations with more than 1,000 employees.