The highest spending priority on security should be on ways to improve the ability to respond to confirmed attacks. This opens big opportunities for MSSPs.
Nearly 9 out of 10 organizations surveyed have an internal or external SOC, and 64% of organizations receive some security assistance from MSSPs.
For organizations that already use MSSPs, the median work with two service providers.
Organizations plan to invest in three major areas—responsiveness, detection and investigation—to improve their capabilities over the next 12 to 18 months.
Over the next 12 to 18 months, 71% of respondents expect their MSSP use to remain the same, while 19% plan to increase their MSSP partnerships, and 10% expect it to decrease.
• Provide security monitoring and monitoring coverage: 21%
•Improve advanced threat detection: 18%
•Help with SOC, incident response, hunter staffing, and skills shortages: 18%
Almost 70% of the organizations surveyed reported using a security information and event management (SIEM) solution.
93% of organizations that use external security services are highly likely to have those services involved with the SIEM system, while 71% ask their MSSP to run day-to-day SIEM operations.
The four types of security teams used by organizations are Tier 1 SOC analysts, Tier 2 SOC analysts, hunters who proactively hunt for threats and can declare incidents, and incident responders.
About 40% of organizations that don’t use all four types of security teams plan to increase their use of MSSP employees in one or more of those functions over the next 12 to 18 months, while 40% will deploy internal people. 60% will invest in tools for these teams.
93% of SOCs are unable to properly address all incoming alerts, and 25% believe that has resulted in a moderate to severe business impact due to uninvestigated reports.
26% of the survey respondents operate in reactive mode, with ad hoc approaches to security operations, threat hunting and incident response.
67% of respondents reported an increase in security incidents. Of these respondents, 57% said the rise of incidents is due to more attacks, and 73% believe they can better identify the attacks.