Securing the Digital World

How Organizations Think About Threat Detection: Results from the RSA Threat Detection Survey

Mar 01, 2016 | by Zulfikar Ramzan, PhD.

The famous British naturalist Charles Darwin believed that it isn't the strongest or fastest who survive, but rather it's those who are most adaptable to change. For RSA's customers, that requires acknowledging and understanding how effective they are at detecting as well as investigating cyber threats today, and determining how they should best evolve moving forward to address their security needs.

In that vein, RSA conducted a Threat Detection survey to help our customers grapple with this need by allowing them to understand what technologies they rely on, how satisfied they are with those technologies, where they plan to invest, and how they plan to evolve their strategy. Today, I'm pleased to announce the results.

Over 160 organizations from around the world participated, and the findings were simultaneously promising, surprising, and concerning. For example, only 24% of organizations are satisfied with how well they detect and investigate threats using their current data and tools. What's surprising, however, is that many of these organizations had no immediate plans to change how they allocate their security budget over the next 12 months.

According to the survey, roughly half of security budgets are allocated to preventative technologies. Yet it's clear that a lopsided prevention focus has failed. Even threat actors of average sophistication know how to bypass preventative approaches with relative ease. Therefore, we need to consider how to detect and respond to threats more effectively. One silver lining here is that budgets used to be even more unbalanced a few years ago. That said, we're still not close enough to the much-needed equitable division between prevention, detection, and response.

Organizations also focus much of their data-gathering effort on the network perimeter, rather than on more effective sources such as endpoints, identity management systems, network packets (and flow), and cloud-based infrastructure. As a result, the swift response needed to decrease dwell time is lacking; not surprisingly, the fraction of our respondents who felt they could detect or respond to threats very quickly was only 9% and 11%, respectively.

I've only mentioned a handful of the survey results and highly encourage you to review the remainder in the eBook. While we may be in the nascent stages of our journey, it's clear that we can't move in the right direction unless we at least understand where we are today and how we need to change. I'm looking forward to working with our customers as we traverse the precarious routes associated with today's threat landscape.