Cybersecurity Priorities 2024 Report: Top 10 Takeaways
Today, Anomali released the results of its 2024 Cybersecurity Priorities study. This is a highly targeted survey of 150 professionals in the security space, including 50 Security Analysts, 50 Security Architects, and 50 CISOs/VPs of IT Security. The geographic distribution was primarily North America (81%) and Western Europe (17%), and respondents were from companies with $1B+ in revenue, creating a relevant and credible sample of experts in a highly complex and dynamic domain.
The top ten takeaways are as follows:
- What security tools are used most often by analysts and architects? SIEMs at 93%, EDR at 89% and ITDR at 75%. While SIEMs have a significant presence in this market, the overall operational framework is shifting, as shown in the responses below.
- Which security tools were seen as most valuable? Not surprisingly, they are the same ones used most often, although the distribution is very different: 52% said SIEM, 22% said EDR, and only 10% said ITDR. So nearly everyone uses a SIEM, but only half see it as adding value, which means this market is probably ready for a foundational shift.
- The responses became a bit more varied when asked about the primary use cases for SIEM/SOC tools. 76% use them for incident investigation and case management, ~73% for log ingestion and management, then it drops to 68% for alert detection and triage. These are all still relatively high numbers, and all map to what is usually associated with the daily tasks within security operations.
- Analysts believe more than half of their daily tasks could be automated with the right tools. A separate but related question was asked about current SOC staffing, and it was found that nearly a third of these organizations are looking for more talent. This combination of understaffed SOCs and time wasted on manual tasks is probably related to the broader staffing dynamic in cybersecurity (3M unfilled positions globally and over 700K in the US). Cybersecurity automation could soon become a core requirement for future SOC investments, keeping in mind that this is not about replacing people with technology; it’s about augmenting the people in place and facilitating the onboarding of new hires.
- Consolidation. Given the sprawl associated with the average cybersecurity tech stack, which can make even simple requirements time-consuming and needlessly complex, consolidation is a high priority for security professionals (87%). The next question is whether they are actually executing against consolidation requirements, and there the number drops to 68% (having it as a priority vs. actually doing it).
- This then leads to the next question - so you’ve consolidated. Any concerns? The obvious one is the risk associated with a single point of failure (61% consider it too risky), even though in most instances, we are talking about cloud-native solutions, which should be a lot more adaptable to changing environmental dynamics.
- Given the range of solutions within the security technology stack, this also raises the question of where you would want to consolidate. SIEMs are the most obvious target for consolidation, named by 44% of respondents, although the interesting part was the breakdown by function: 64% of CISOs want to consolidate, but only 24% of architects are interested.
- Survey participants were asked how they perceive the value of Security Operations and Security Analytics platforms compared to their existing SIEM. While a significant percentage believe these platforms deliver more advanced features, both platform options are viewed as complementary to a SIEM, not a replacement. Also, Forrester’s definition of a Security Analytics Platform is perceived as less valuable by respondents. This could be because “security analytics” is more of a tactical term, while “security operations” might be viewed as more strategic.
- Respondents were pressed further about potentially switching if offered a clearly superior platform option to a SIEM. While most had previously indicated they would prefer to keep their current SIEM, 72% of respondents indicated a willingness to replace their SIEM if the new platform was superior and could save them money.
- The big question for many people is, of course, the role of AI in cybersecurity and the expectations from an AI-powered platform. To no one’s surprise, expectations are high, and the application of the technology has already generated particular focus areas. This includes faster threat detection (76% of respondents), analyst productivity gains (69%), and automated/faster threat remediation (68%). Only 1% said they were not interested in using AI for SecOps.
What is the bottom line of all this? SIEMs are helpful but are also ripe for upgrading or replacement (particularly if costs can be contained), and consolidating and accelerating detection to remediation is a top priority. And most of this will be in the cloud (according to 88% of respondents). AI is seen as a critical enabler for all this, but like any disruptive technology entering a complex cybersecurity stack, working through the details will be immensely complex, and the downside to errors is non-trivial. There is a lot more detail to this study and its results, which we have limited in this blog for brevity. If you have questions or are interested, please contact info@anomali.com.