State of Threat Detection and Response

Insights from 400 security professionals who are responsible for threat detection and response at their organization.

Download the PDF

With data breaches at an all-time high and the ways in which malicious actors go after organizations getting increasingly sophisticated, security teams are facing unprecedented challenges in securing their organizations.

Adding to the challenges for security teams, threat detection and response can be hampered by tools that haven’t evolved to handle the massive amount of data generated by today’s cloud infrastructure and applications.

We wanted to gain insights into the experience of security teams who are at the helm of their organization’s detection and response operations and uncover more about what they experience each day. To do this, we surveyed over 400 security engineers, analysts, and practitioners to understand the current state of detection and response.

Some of the Key Findings include: 

  • The biggest challenge is efficiency. Most respondents say efficiency issues, like time wasted on false positives and a lack of efficient processes, are their biggest challenges today.
  • Automation would make them more effective. They believe that automating manual tasks would have the greatest impact on making security operations more efficient.
  • Over the last 12 months, 48% have seen a 3x increase in the number of alerts per day. This is an alarming growth rate, and for teams already stretched thin, this rate of increase exacerbates an already problematic situation. 
  • Over 50% find that at least half of alerts are false positives. Managing a high volume of false positives is contributing to alert fatigue, and impacting security teams’ ability to focus on more high-value tasks. 
  • 55% have built their own detection and response tool, but one in four said it was highly ineffective. The need to build their own tools likely stems from dissatisfaction with the tools available, so they’re taking on the momentous task of building their own when no commercial offerings can do the job.