New Research Finds Companies Ignore Majority of Security Alerts

In early 2016, the Enterprise Strategy Group (ESG) completed a research survey of 125 IT and cybersecurity professionals with knowledge of or responsibility for incident response processes and technologies at their organizations.

Phantom sponsored this project, so we’re sharing the executive summary below.  You can also download the full report.

ESG Report Banner

The research project was intended to assess the current practices and challenges associated with incident response processes and technologies. Furthermore, respondents were asked about their future strategic plans intended to improve the efficacy and efficiency of IR activities. Based upon the data collected, this paper concludes:

Incident response is increasingly difficult. Two-thirds of organizations believe that incident response is significantly more difficult or somewhat more difficult than it was two years ago. Why? Survey respondents point to things like more IT activities, including cloud and mobile computing, the addition of new security management and threat detection tools, and the growing volume of security alerts.

Large organizations face multiple IR challenges. Cybersecurity professionals describe IR challenges such as security alert volume, manual and informal IR processes, and misalignment between cybersecurity and IT operations teams. These challenges make it extremely difficult to modify security controls, detect attacks in progress, or remediate problems in a timely manner.

CISOs are embracing IR automation and orchestration. More than half (57%) of enterprise organizations are already taking actions to automate and orchestrate IR processes while another 42% are currently automating/orchestrating incident response processes, plan to automate/orchestrate incident response processes, or are interested in automating/orchestrating IR processes sometime in the future. What’s driving IR automation and orchestration? Survey respondents say they want to automate simple remediation actions, use automation and orchestration to create more formal IR workflows to improve collaboration between security and IT operations teams, and leverage IR automation and orchestration as an integration hub for disparate threat detection tools.

Cybersecurity professionals predict robust IR spending and activity in the near future. A vast majority (80%) of enterprise organizations plan to increase spending on incident response over the next two years. CISOs will use these funds to increase IR training, hire personnel, create a dedicated SOC/CERT, and purchase and deploy commercial incident response automation platforms.

If you are Interested in seeing how Phantom can help your organization address challenges like those identified in the research project, get the free Phantom Community Edition, and attend one of our Tech Sessions.

Erich Baumgartner
VP, Field Operations

About Phantom

Phantom, an award-winning company, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: