Inaugural State of Security Observability report reveals 99% of organizations believe security observability is a priority
Observe Inc., the observability company reinventing the way business data is stored, managed and analyzed, published the 2023 State of Security Observability report. Conducted by CITE Research, it examines the convergence of security and observability. The inaugural report surveyed 500 full-time security decision-makers and practitioners — 40% of whom were either CISOs or CSOs — to understand their current approach to security and how it intersects with observability.
Organizations have been using log data to identify known and unknown attacks since the beginning of the Internet, but each generational shift in data volume and velocity has broken legacy tooling. Security observability — which uses logs, metrics, and traces to infer risk, monitor threats, and alert on breaches — brings SecOps forward with an architecture that separates storage from compute. Ninety-nine percent of organizations said security observability was a priority.
CIO INFLUENCE News: Malwarebytes Announces Free Vulnerability Assessment to Improve Security Posture Without Extra Costs
Notably, the report found that 84% of security professionals indicate their organization combines security and data operations into a single analytics tool. However, more than half of the security relevant data that goes into observability systems needs to be transformed before it can be used. Nearly half (48%) of respondents are using Microsoft’s ASIM for this purpose, followed by Amazon’s OCSF (32%) and IBM’s QRadar (28%), indicating significant data manipulation to the standards of cloud SIEM vendors. The inability to use data or get relevant data into current monitoring tools are the top challenges for organizations switching to a new observability tool in the coming year.
The majority of respondents (95%) say they are using a SIEM in some form. SIEM has been positioned as a content and integration-rich entry point that gives access to dozens of rules and add-ons specific to the other products that your organization runs on. The reality is each integration has versioning and configuration requirements, each rule only works with properly abstracted data, and each alert expects that the customer can decide if it’s important or not. This requires continual maintenance from skilled users or costly professional services time.
The State of Security Observability report reveals that organizations clearly feel the need for knowledgeable teams that can hunt for unknown threats and respond — 73% of respondents said they have Incident Response (IR) teams and Security Operations Center (SOC) in-house, and 95% use a SIEM (Security Incident and Event Manager). Product categories intended to replace the SIEM — such as SOAR, UEBA, and EDR — have not done so.
CIO INFLUENCE News: AMD Showcases Growing Momentum for AMD Powered AI Solutions from the Data Center to PCs
“Security observability borrows concepts from observability to enable security operations teams to understand risks and incidents in a more holistic way,” said Jack Coates, Senior Director of Product Management at Observe. “This report shows that 99% of organizations are prioritizing security observability. Embracing this pivotal technique is imperative for security professionals, empowering organizations to discern nuanced interactions between systems and individuals over time. This approach enhances security efficacy while optimizing costs and elevating monitoring capabilities.”
Other key findings from the State of Security Observability include:
- Smaller organizations struggle with limited resources in the security tools market, hindering effective adoption. However, they avoid the hype-driven churn experienced by larger teams, opting for technology upgrades within their SIEM as cost-effective alternatives.
- Cloud infrastructure doesn’t provide sufficient operations or security observability on its own and agents must be used. Host agents are used by 57% of organizations for observability and 51% for security, along with container agents (42% for observability and 44% for security), and sidecar agents (29% for observability and 28% for security).
- Half of security incidents require escalation, and tool sprawl isn’t helping. Only 11% of respondents report staying in a single pane of glass, with 18% using six or more tools to investigate issues.
- Cloud conversion has crossed the hallway mark and 74% of organizations have built their current systems to be mostly or entirely cloud-native.
CIO INFLUENCE News: N-able Enhances Modern Workplace with Powerful Device Management for Apple and Automation
[To share your insights with us, please write to sghosh@martechseries.com]
