The “2020 State of SecOps and Automation Report” Highlights 83% of Security Professionals Experience Alert Fatigue and 88% Face Challenges with Current SIEMs
REDWOOD CITY, Calif. – July 9, 2020 – Sumo Logic, a leader in continuous intelligence, today announced the findings of a global survey that highlight the barriers security professionals are facing on the path to modernizing the security operations center (SOC). The struggle to effectively manage high volumes of security alerts and the complexities associated with traditional SIEMs are driving the demand for a new approach to effectively address challenges in the SOC through cloud-native SIEMs combined with security automation capabilities.
“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue. To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts,” said Diane Hagglund, principal for Dimensional Research. “These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”
The “2020 State of SecOps and Automation” report, a study conducted by Dimensional Research on behalf of Sumo Logic, reveals that managing the sheer volume of these alerts poses a significant problem for IT security professionals. Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.
Key findings within the report include:
Security alert volumes create problems for security operations
- 70% have more than doubled the volume of security alerts in the past five years
- 99% report high volumes of alerts cause problems for IT security teams
- 83% say their security staff experiences “alert fatigue”
Automation helps, but it is still a work in progress
- 65% of teams with high levels of automation resolve most security alerts the same day compared to only 34% of those with low levels of automation
- 92% agree automation is the best solution for dealing with large volumes of alerts
- 75% report they would need three or more additional security analysts to address all alerts the same day
Better technology is needed to manage security alert volumes
- 88% face challenges with their current SIEM
- 84% see many advantages in a cloud-native SIEM for cloud or hybrid environments
- 99% would benefit from additional SIEM automation capabilities
“Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. There’s never been a more important time to ensure IT security operations are up to par,” said Greg Martin, general manager for the security business unit at Sumo Logic. “Companies need to adopt solutions that let them quickly identify, prioritize and respond to only the most critical warning signals, so that they’re not left drowning in alert overload with no direction. Our Cloud SIEM Enterprise solution fits this need and also offers rapid deployment, quick time-to-value, ease-of-use and a unified data model.”
Sumo Logic Cloud SIEM Enterprise is a cloud-native solution that addresses the challenges facing today’s modern SOC by automating the manual work for security analysts, saving them time and enabling them to be more effective by focusing on higher-value security functions. Sumo Logic Cloud SIEM Enterprise provides real-time insights and continuous intelligence SOC teams can use to quickly identify evidence of compromise and improve their ability to respond quickly by understanding the impact of an attack. This removes common technology limitations that burden a SOC's efficiency and ability to mitigate risk.
Report methodology and demographics
The report was conducted via an online survey that was sent to an independent database of IT security professionals worldwide. In total, 427 qualified security individuals completed the survey. All participants had direct responsibility for security operations at an organization with a significant investment in a public cloud (IaaS) and at least 1,000 employees. Participants included a mix of job levels, regions, company sizes, number of security analysts and industries.
- Read the blog to get a closer look at the “2020 State of SecOps and Automation” report
- Learn more about Sumo Logic’s Cloud SIEM Enterprise
- See Sumo Logic’s Cloud SIEM for yourself with a custom demo
About Sumo Logic
Sumo Logic is a leader in continuous intelligence, a new category of software, which enables organizations of all sizes to address the data challenges and opportunities presented by digital transformation, modern applications and cloud computing. The Sumo Logic Continuous Intelligence Platform™ automates the collection, ingestion and analysis of application, infrastructure, security and IoT data to derive actionable insights within seconds. More than 2,000 customers around the world rely on Sumo Logic to build, run and secure their modern applications and cloud infrastructures. Only Sumo Logic delivers its platform as a true, multi-tenant SaaS architecture, across multiple use-cases, enabling businesses to thrive in the Intelligence Economy.
Founded in 2010, Sumo Logic is a privately held company based in Redwood City, California, and is backed by Accel Partners, Battery Ventures, DFJ Growth, Franklin Templeton, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital, Sutter Hill Ventures and Tiger Global Management. For more information, visit www.sumologic.com.