2020 State of Security Operations

The 2020 State of Security Operations Report takes a close look at the front lines of IT security: security operations.

For our survey, we wanted to talk to the people who find and mitigate vulnerabilities, detect threats, perform security investigations, respond to incidents, and do countless other operational tasks on a daily basis. We also wanted to hear from security operations managers and executives about the challenges their teams are facing.

Our objective for this report is to take a snapshot of today’s security operations and to indicate how things are likely to evolve in the coming months and years.

The survey at the heart of this report was conducted in August 2020. This was several months after the COVID-19 pandemic began, with many of the participants in locations that had not yet fully reopened. As you read this survey report, keep in mind that it reflects the viewpoints and opinions of IT security operations professionals roughly six months into the pandemic.

CyberEdge would like to thank our research sponsor, Micro Focus, who conceived this report and whose support has been essential to its success.

Top Five Insights for 2020

This report contains dozens of actionable insights on IT security operations. Here are our top five takeaways:

1. Threat detection is a major hurdle. There’s clearly no shortage of threats, but there’s definitely a shortage of personnel to detect and analyze them. Organizations are already using security information and event management (SIEM) solutions, tools with machine learning (ML) and artificial intelligence (AI) technology, and processes leveraging the MITRE ATT&CK Framework to try to improve threat detection, but it’s not enough. Threat detection currently overshadows all other aspects of security operations in terms of across-the-board concern.
2. More and more tools are in use. All 11 common types of security operations tools we asked about are expected to exceed 80% adoption in 2021. For example, over 92% of organizations expect to be using SIEMs in 2021. Security operations is such a broad area that more and more tools are needed for complete coverage.
3. Reliance on external resources is rising. Over 96% of organizations use the cloud for IT security operations, and on average nearly two-thirds of their IT security operations software and services are already deployed in the cloud. Furthermore, over 87% of organizations already outsource some of their IT security functions to managed security service providers (MSSPs)—with an average of three functions outsourced.
4. Malware is still #1. Of all the security threat types out there, organizations are most concerned about malware, followed closely by phishing/spear-phishing attacks and ransomware. However, survey participants indicated that their organizations are at least moderately concerned about all common types of threats.
5. Cyberthreats and incidents related to COVID-19 are impacting security operations. The biggest challenge from COVID-19 to security operations teams has been the increased volume of cyberthreats and security incidents they’ve had to deal with.