Security response

The highest security spending priority should be improving the ability to respond to confirmed attacks. This opens big opportunities for managed security service providers (MSSPs).

Nearly 9 out of 10 organizations surveyed have an internal or external SOC, and 64% of organizations receive some security assistance from MSSPs.

Organizations that already use MSSPs work with a median of two service providers.

Organizations plan to invest in three major areas—responsiveness, detection and investigation—to improve their capabilities over the next 12 to 18 months.

Over the next 12 to 18 months, 71% of respondents expect their MSSP use to remain the same, while 19% plan to increase their MSSP partnerships, and 10% expect it to decrease.

• Provide security monitoring and monitoring coverage: 21%
• Improve advanced threat detection: 18%
• Help with SOC, incident response, hunter staffing, and skills shortages: 18%

Almost 70% of the organizations surveyed reported using a security information and event management (SIEM) solution.

93% of organizations that use external security services are highly likely to have those services involved with the SIEM system, while 71% ask their MSSP to run day-to-day SIEM operations.

The four types of security teams used by organizations are Tier 1 SOC analysts, Tier 2 SOC analysts, hunters who proactively hunt for threats and can declare incidents, and incident responders.

About 40% of organizations that don’t use all four types of security teams plan to increase their use of MSSP employees in one or more of those functions over the next 12 to 18 months, while 40% will deploy internal people. 60% will invest in tools for these teams.

93% of SOCs are unable to properly address all incoming alerts, and 25% believe that has resulted in a moderate to severe business impact due to uninvestigated reports.

26% of the survey respondents operate in reactive mode, with ad hoc approaches to security operations, threat hunting and incident response.

67% of respondents reported an increase in security incidents. Of these respondents, 57% said the rise in incidents is due to more attacks, and 73% believe they can better identify the attacks.