84 percent of organizations combine IT and security operations in one analytics tool
A new survey of 500 full-time security decision-makers and practitioners finds that 84 percent indicate their organization combines security and data operations into a single analytics tool.
However, the study from Observe shows more than half of the security relevant data that goes into observability systems needs to be transformed before it can be used.
Nearly half (48 percent) of respondents are using Microsoft's Advanced Security Information Model (ASIM) for this purpose, followed by Amazon's Open Cybersecurity Schema Format (OCSF) (32 percent) and IBM's QRadar (28 percent), indicating significant data manipulation to the standards of cloud SIEM vendors. The inability to use data or get relevant data into current monitoring tools are the top challenges for organizations looking to switch to a new observability tool in the coming year.
SIEM is used in some form by 95 percent of respondents, but this requires continual maintenance from skilled users or costly professional services time.
"Security observability borrows concepts from observability to enable security operations teams to understand risks and incidents in a more holistic way," says Jack Coates, senior director of product management at Observe. "This report shows that 99 percent of organizations are prioritizing security observability. Embracing this pivotal technique is imperative for security professionals, empowering organizations to discern nuanced interactions between systems and individuals over time. This approach enhances security efficacy while optimizing costs and elevating monitoring capabilities."
Unsurprisingly smaller organizations struggle with limited resources in the security tools market, hindering effective adoption. The report also shows cloud infrastructure doesn't provide sufficient operations or security observability on its own which means agents must be used. Host agents are used by 51 percent of organizations for observability and 57 percent for security, along with container agents (42 percent for observability and 44 percent for security), and sidecar agents (28 percent for observability and 29 percent for security).
Tool sprawl isn't helping with the escalation of issues either. Only 11 percent of respondents report staying in a single pane of glass, with 18 percent using six or more tools to investigate issues.
The full report is available from the Observe site.
Image credit: videoflow/depositphotos.com