Now Playing: 2024 State of Threat Detection and Response

October 3, 2024
Jesse Kimbrel
Product Marketing Manager
Download the 2024 State of Threat Detection and Response: Defenders’ Dilemma Report

Right around this time last year Vectra AI released its first State of Threat Detection Report, which set out to gain a better understanding of how effective security practitioners believed their organizations were at detecting and responding to security threats. The report used responses from 2,000 security pros who didn’t hold back when disclosing the daily challenges faced when detecting threats across hybrid environments. We gained honest insights about technology limitations, skill shortages, sentiment around burnout, and even whether practitioners believed there was a chance their organization was compromised without them knowing. Spoiler — 71% of practitioners at the time admitted their organization may have been compromised without them knowing.

What did we conclude?  

We said, “threat detection is fundamentally broken.”

A bold and curious statement considering how many security “solutions” are deployed by SOCs to detect and respond to threats — until you looked at the data. But that was just one report, right? At the time, yes, but that’s not the case anymore because we’ve just rolled out the 2024 State of Threat Detection and Response Report: The Defenders’ Dilemma. And while I am not going to spoil an ending for you twice in one post, you can get a free copy by clicking one of the many report links in this blog. What can I tell you about the 2024 report?  

The two areas that I found added unique insights in the 2024 report are the year-over-year data and the practitioner sentiment and adoption of AI in the SOC — both new to 2024. There are definitely areas that show little change on the surface, such as the number of alerts and the percentage of those alerts that are realistically addressed. However, we were able to explore deeper into the problem areas — like why significantly more practitioners feel they’re losing the battle detecting and prioritizing real threats than they did a year ago, and why there’s an increase in SOCs that feel their tools are more of a hindrance than a help in spotting real attacks.

Seeing the year-over-year data further supports the notion of the “Defenders’ Dilemma” that security practitioners live through every day — that regardless of how an incident transpires, defenders are on the hook anytime something goes wrong. A vulnerability gets exploited, an employee or contractor isn’t cyber aware, new gaps or attack methods emerge, an attack gets buried in a flood of alerts — defenders are the ones who have to answer questions. That will probably never change as it’s just the nature of the job, but practitioners are now expressing dissatisfaction with vendors who they say need to step up and own more of the responsibility rather than just selling more detection tools.  

The 2024 State of Threat Detection and Response report highlights an increasing disconnect between SOC practitioners and security vendors and shows where things might be heading to solve the tired challenges that have plagued threat detection for far too long. You’ll find out if threat detection is still broken or whether SOCs even have a threat detection problem — maybe it’s actually something else? If you haven’t already bailed on this post, you can grab a copy here: Download Report
