Threat Detection Software Tools: Research Explores the Build vs. Buy Debate
A Cyber Threat Research study reveals that 55% of organizations have built their own detection tool, but less than half found it to be very effective. Whether or not that number reflects the reality of your own organization, Panther Labs uncovers some intriguing findings in its new report, “State of Threat Detection and Response.”
Panther Labs, a San Francisco, Calif.-based cybersecurity company specializing in cloud-scale detection and response, surveyed 400 security practitioners in the United States for its report. To reflect the “hands-on” perspective of security teams, survey respondents were primarily security analysts and engineers.
As part of its research, Panther Labs probed the effectiveness of respondents’ own tools and processes, the challenges they face, and their projections for the future. The research also includes Panther Labs’ recommendations for cybersecurity improvements – so MSPs and MSSPs may want to take note.
Cyber threat alerts give way to false positives
Data breaches are at an all-time high and the means by which malicious actors prey on vulnerable organizations are becoming increasingly sophisticated. As such, security teams face unprecedented challenges in protecting their organizations, according to the Panther Labs report.
Threat detection and response activities are hampered by tools that have not evolved to handle the massive amount of data generated by today’s cloud infrastructure and applications.
With this reality in mind, Panther Labs offers these key findings:
- 55% of respondents have built their own detection and response tool, but less than half found it to be very effective. The need to create their own tools probably stems from dissatisfaction with the tools available. In fact, 25% said the tool they built was very ineffective.
- The biggest challenge is efficiency. Most respondents say efficiency issues, such as time wasted on false positives and lack of efficient processes, are their biggest challenges today.
- Automation would make them more efficient. Respondents believe that automating manual tasks would have the greatest impact on the efficiency of security operations.
- Over the past 12 months, 48% of respondents have seen a threefold increase in the number of alerts per day. This is an alarming rate of growth, according to Panther Labs, and it compounds an already problematic situation for stretched teams.
- More than 50% of respondents find that at least half of the alerts are false positives. Managing a high volume of false positives contributes to alert fatigue and impacts the ability of security teams to focus on higher value tasks.
Panther Labs issues a wake-up call
Jack Naglieri, CEO and Founder of Panther Labs, adds perspective to his company’s research:
“Modern-scale threat detection and response is challenging, no matter the size or experience of your team. The answers provided by our respondents confirm what many security practitioners experience on a daily basis: tools from sales reps often don’t meet their expectations, but security teams also struggle to build their own internal tools that can work as needed.”
However, the report reveals a difference of opinion regarding threat detection and response programs as a top priority over the next 12 months. “Ensuring full coverage of organizational resources” is the top priority for 16.9% of respondents, and the priorities break down from there.
The second-ranked answer is a tie: 13.5% each say “advancing our security posture in the cloud” or “adding more security sensors” is their top choice. “Improve the speed of our response rate” and “other” are tied at 11.8%, and 10.1% each say “consolidate security logs in one place” or “reduce false positives”. The remaining choices are “get management buy-in to increase funding” (8.4%) and “produce better reporting metrics” (3.3%).
For more survey responses and additional perspective, download a full copy of the report.