Skip navigation

In conjunction with SANS, SolarWinds conducted a survey of IT professionals on the impact of security threats and the use of security analytics and intelligence to resolve those threats.  We isolated the 120 government responses to get a sense of how analytics and intelligence are helping with the ever-increasing security challenges in the federal space.


Across the responses there was a commonality in uncertainty.  From truly understanding what the budget was for “information security management, compliance and response” (44 percent said unknown), to the number of attacks, to context around normal system behavior, to the roles needed in the organization, respondents agreed most on the lack of a standard.


What they do know is that security events happen. About 43 percent reported that in the past two years, their organizations experienced one or more attacks that were difficult to detect. Another 28 percent answered “unknown” to this question, continuing our theme of uncertainty.


Documented attacks take on average one week to detect. The three greatest blocks to discovering these attacks fall into the “we don’t know what we don’t know” category:

  • Lack of system and vulnerability awareness
  • Not collecting appropriate operational and security data
  • Lack of context to observe “normal behavior”


So, how is this problem overcome? With data of course! The data being used most frequently in the federal space to investigate security issues are:

  • Log data from networks and servers
  • Network monitoring data
  • Access data from applications and access control systems


In the next 12 months, respondents say they plan to begin using the following reporting data to enhance their security monitoring:

  • Monitoring and exception data pertaining to internal virtual and cloud environments
  • Access data from applications and access control systems
  • Security assessment data from endpoint, application and server monitoring tools


But as we all know, the more data you get, the more difficult it is to manage and make sense of it all. For that data to be effective, there needs to be a level of analytics. There is an even split between respondents saying that they correlate threat data using internally developed methods and those that say they do not correlate log data with external threat intelligence tools at all (43 and 42 percent, respectively). For those using analytics and analytic tools, the majority reported the biggest weakness was determining and measuring against a baseline.


What does this all mean? In order to get a handle on security threats, organizations must focus not necessarily on analyzing outliers, but on what the normal range should look like. Determining that baseline using monitoring tools and putting effort into correlating historical data with threat information will create more certainty and pay great dividends in being able to more quickly spot security events.  


Full public sector survey results are available by request.

SolarWinds, in conjunction with SANS, recently released the results of a security survey* of more than 600 IT professionals representing a broad range of industries and organization sizes. The survey was conducted to identify the impact of security threats and the use of security analytics and intelligence to mitigate those threats. 


Key Survey Findings:

Survey respondents generally agreed that support for managing security today was inadequate, with key impediments being lack of visibility to effectively detect and respond to threats, as well as limited security budgets.


Lack of Threat Visibility:

A majority of respondents expressed their need for greater security data visibility and context to identify and respond to threats faster.


Forty-five percent of respondents reported that in the past two years their organization experienced one or more advanced threats that were difficult to detect, with the average detection time being one full week (a lot of damage can be done in that time). Even scarier, 21 percent reported that they lacked enough visibility to even answer the question around whether or not they had experienced an advanced threat.

Top reasons cited for "difficult to detect" threats were:

  • Not collecting appropriate operational and security data
  • Lack of context to observe normal behavior (and set baselines)
  • Lack of system and vulnerability awareness
  • Lack of skills and training


To improve threat visibility and security intelligence, survey respondents said they plan to invest in better SIEM (Security Information and Event Management) tools and more security-specific training. But given the limited security budgets of many organizations (which we discuss below), will these "planned" investments end up getting pushed to the back burner?


Limited Security Budget:

IT departments today are having to do more with less. IT budgets have been shrinking, so it should be no surprise that respondents cited lack of budget as a key impediment to managing security.

Many of those surveyed indicated that they are working with limited budgets to properly manage “information security, compliance and response", with nearly half of the respondents reported spending 20 percent or less of their IT budget on security.  This is definitely a cause for concern given the ever-growing threat landscape and advanced nature of attacks.

The question then becomes--how do you maximize limited security budgets to improve threat intelligence and response?


Security is everyone’s problem. The responsibility of securing IT is not just the role of a security expert anymore, it’s important for all IT pros to be equipped to tackle security challenges. But, at the same time, keeping costs down will always be a driving factor for businesses. This is why it’s so important to invest in easy-to-use, affordable security management tools that don’t require a lot of time or budget to implement, but instead provide visibility and control right out of the box.



Check out this SlideShare to view more details on the survey results.

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.