Inaugural State of Security Observability report reveals 99% of organizations believe security observability is a priority
SAN MATEO, Calif., Dec. 6, 2023 /PRNewswire/ -- Observe Inc., the observability company reinventing the way business data is stored, managed and analyzed, published the 2023 State of Security Observability report. Conducted by CITE Research, it examines the convergence of security and observability. The inaugural report surveyed 500 full-time security decision-makers and practitioners — 40% of whom were either CISOs or CSOs — to understand their current approach to security and how it intersects with observability.
Organizations have been using log data to identify known and unknown attacks since the beginning of the Internet, but each generational shift in data volume and velocity has broken legacy tooling. Security observability — which uses logs, metrics, and traces to infer risk, monitor threats, and alert on breaches — brings SecOps forward with an architecture that separates storage from compute. Ninety-nine percent of organizations said security observability was a priority.
Notably, the report found that 84% of security professionals indicate their organization combines security and data operations into a single analytics tool. However, more than half of the security-relevant data that goes into observability systems needs to be transformed before it can be used. Nearly half (48%) of respondents are using Microsoft's ASIM for this purpose, followed by Amazon's OCSF (32%) and IBM's QRadar (28%), indicating significant data manipulation to the standards of cloud SIEM vendors. The inability to use data and the inability to get relevant data into current monitoring tools are the top challenges for organizations switching to a new observability tool in the coming year.
The majority of respondents (95%) say they are using a SIEM in some form. SIEM has been positioned as a content and integration-rich entry point that gives access to dozens of rules and add-ons specific to the other products that your organization runs on. The reality is each integration has versioning and configuration requirements, each rule only works with properly abstracted data, and each alert expects that the customer can decide if it's important or not. This requires continual maintenance from skilled users or costly professional services time.
The State of Security Observability report reveals that organizations clearly feel the need for knowledgeable teams that can hunt for unknown threats and respond — 73% of respondents said they have Incident Response (IR) teams and Security Operations Center (SOC) in-house, and 95% use a SIEM (Security Incident and Event Manager). Product categories intended to replace the SIEM — such as SOAR, UEBA, and EDR — have not done so.
"Security observability borrows concepts from observability to enable security operations teams to understand risks and incidents in a more holistic way," said Jack Coates, Senior Director of Product Management at Observe. "This report shows that 99% of organizations are prioritizing security observability. Embracing this pivotal technique is imperative for security professionals, empowering organizations to discern nuanced interactions between systems and individuals over time. This approach enhances security efficacy while optimizing costs and elevating monitoring capabilities."
Other key findings from the State of Security Observability include:
- Smaller organizations struggle with limited resources in the security tools market, hindering effective adoption. However, they avoid the hype-driven churn experienced by larger teams, opting for technology upgrades within their SIEM as cost-effective alternatives.
- Cloud infrastructure doesn't provide sufficient operations or security observability on its own and agents must be used. Host agents are used by 57% of organizations for observability and 51% for security, along with container agents (42% for observability and 44% for security), and sidecar agents (29% for observability and 28% for security).
- Half of security incidents require escalation, and tool sprawl isn't helping. Only 11% of respondents report staying in a single pane of glass, with 18% using six or more tools to investigate issues.
- Cloud conversion has crossed the halfway mark, and 74% of organizations have built their current systems to be mostly or entirely cloud-native.
For more information, visit https://www.observeinc.com/resources/the-state-of-security-observability-2023 to access the full 2023 State of Security Observability report.
About Observe
Headquartered in San Mateo, Calif., Observe is the observability company reinventing the way business data is stored, managed and analyzed. Only Observe eliminates silos of logs, metrics and traces by storing all data in a single, more cost-efficient data lake. The company's unique Data Graph technology enables users to troubleshoot distributed applications three times faster than competing observability solutions. Brands such as Topgolf, Reveal Data and F5 trust Observe to turn their telemetry data into actionable information. Investors include Sutter Hill Ventures, Capital One Ventures and Madrona Venture Group. For more information, visit: www.observeinc.com.
Media Contacts:
Tom Hannigan
Bateman Agency for Observe
SOURCE Observe, Inc.