Threat Detection Hindered by Lack of Integration

The lack of automation integration and workflow between security and response is hindering organizations’ ability to prevent, detect and respond to threats, according to a new report from the SANS Institute, “Integrating Prevention, Detection and Response Workflows, SANS Survey on Security Optimization.”

The study assesses how organizations are structuring Gartner Group’s security architecture pillars and the Center for Internet Security (CIS) Critical Security Controls. These pillars are prevention, detection, response and prediction, which are supposed to work in a continuous loop, according to Gartner. “Are these functional groups operating in unison with shared data and workflow, or are they remaining true to the tradition of operational silos in most technology groups?” asks the report author, G. W. Ray Davidson. The survey recasts Gartner’s “prediction” pillar as “intelligence” and adds “remediation.”

The survey, sponsored by ThreatConnect, analyzes satisfaction with staffing levels, tools and management-support architectures to help provide best practices and guidance. It is based on responses from 1,084 professionals who work in security (63 percent) and IT (25 percent). Eighty-five percent of the organizations surveyed are U.S.-based.