Is your company's IT department logging and monitoring data from security devices? If so, you're in the majority: 77 percent of organizations do this, according to recent survey results from the SANS Institute. But when it comes to analyzing that data, there's still a lot of room for improvement. According to the survey findings, just 10 percent of respondents felt confident in their organization's ability to use data to effectively detect security trends.
The SANS Institute, a research and education organization specializing in information security, conducted a follow-up to its 2013 Log Management Survey with 647 professionals from small, medium and enterprise-size organizations in a variety of industries. The results showed that security operations teams are falling behind on detecting threats because their data sets are simply too large to sift through.
"[Organizations] are trying to add intelligence and improve analytics of the security data they're collecting, but they're struggling in various ways," said Deb Radcliff, executive editor of the SANS Analyst Program. "The primary issue is, they're not able to make the associations to detect security events among their event and log data."
About half of the survey respondents rely heavily on traditional log management and SIEM (security information and event management) solutions, while only 17 percent are using advanced threat intelligence and profiling databases. SANS senior analyst Dave Shackleford said that these basic products may not address the latest security challenges facing many organizations.
"More scalable and flexible analytics platforms are gaining interest and attention from the security community, and will likely continue to do so, given the threats and attacks we face today," Shackleford said.
Next week, SANS will host a two-part webcast on the survey results and explain how to better utilize security data. Visit SANS.org for more information.