Security News > 2024 > February > Cybersecurity teams hesitate to use automation in TDIR workflows
Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators, such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and 90% believe they have good or excellent ability to detect cyberthreats.
"While we aren't surprised by the contradictions in the data, our study in partnership with IDC further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities," said Steve Moore, Exabeam Chief Security Strategist.
"Looking at the lack of automation and inconsistencies in many TDIR workflows, it makes sense that even when security teams feel they have what they need, there is still room to improve efficiency and velocity of defence operations."
"Despite having the lowest number of security incidents, APJ reports the lowest visibility of all regions at 62%, signaling that these teams may be missing and failing to report incidents as a result," noted Samantha Humphries, Senior Director, International Security Strategy, Exabeam.
With TDIR representing the prevailing workflow of security operations teams, 53% of global organizations have automated 50% or less of their TDIR workflow, contributing to the amount of time spent on TDIR. Not surprisingly, respondents continue to want a strong TDIR platform that includes investigation and remediation automation, yet hesitation to automate remains.
"As organizations continue to improve their TDIR processes, their security program metrics will likely look worse before they get better. But the tools exist to put them back on the front foot," continued Moore.
News URL
https://www.helpnetsecurity.com/2024/02/07/tdir-improvements-in-security-operations/