92% of organizations lack standardized cyber investigation processes, Command Zero research reveals

September 10, 2024

Austin, TX – September 10, 2024 – Command Zero published a research report highlighting the top challenges in cyber investigations, along with recommendations for security operations leaders. The interview-based report revealed that 88% of security leaders expressed concerns about operational issues related to the lack of skilled staff and high attrition rates. 92% of respondents reported a lack of standardized processes for cyber investigations while 72% admitted to having blind spots for non-security data sources.

Command Zero is the industry’s first autonomous and user-led cyber investigation platform. To better understand the current state of investigations, the Command Zero team conducted 352 interviews over 24 months (2 years) with security professionals including CISOs, security VPs, directors, managers, incident handlers and responders, legal counselors, and risk leaders. Respondents came from diverse organization sizes, verticals and geographies.

The research report covers three top challenges for security operations:

  1. The universal talent gap in cyber hinders the ability to run investigations. 88% of respondents expressed concerns about operational issues related to the lack of skilled staff and high attrition rates. Lack of cloud security skills and visibility across the stack were also shared challenges.
  2. Current SecOps tools are hard to operate and to investigate with. Respondents confirmed high operational costs for running SIEM, SOAR and EDR solutions. Blind spots for critical SaaS applications and non-security data sources were also common.
  3. Investigations lack consistency, documentation and auditability. A lack of standardized collaboration during cyber investigations, overly complex regulatory requirements and scope creep hinder analyses and response. The average organization lacks programmatic ways to incorporate learnings from past investigations.

“These findings shouldn’t come as a surprise to cyber leaders,” said Joe Albaugh, SVP, CISO at NRG Energy. “Understanding the challenges around cyber investigations and building the right processes will improve mean time to understand, respond and remediate. This is the only viable path to fewer breaches and reduced impact for incidents.”

The report also presents Command Zero’s perspective on the findings and actionable recommendations for SecOps leaders. These recommendations include standardizing the investigation process, abstracting access to data, using automation for time-intensive tasks such as creating timelines and reports, and improving collaboration and communication across teams.

“Cyber investigations are where the rubber meets the road: Security operations teams need to come to a verdict for the hardest, most complex, high-priority cases. This research confirms the top challenges security leaders face today, and where CISOs can make a meaningful impact,” said Dov Yoran, cofounder and CEO at Command Zero. “Despite improvements in other aspects of SecOps, investigations remain ad-hoc processes, lacking consistency and auditability. Clearly, we need to address increasing challenges with infrastructure complexity, the universal talent gap, and higher regulatory and compliance requirements. Using expert platforms, AI and automation will help overcome the challenges identified by this research. We hope the findings and recommendations in this report help guide improvements in security operations.”

The report is available on the Command Zero website.

###

About Command Zero

Command Zero is the industry’s first autonomous and user-led cyber investigation platform, built to transform security operations in complex enterprise environments. The platform reduces the need for technology-specific expertise for tier-2 and tier-3 analysts, incident responders and threat hunters. Command Zero enables all users to perform at the highest level by ensuring consistent, repeatable, auditable investigations with automated reporting.

Command Zero is a passionate group of accomplished cyber experts focused on revolutionizing cyber investigations. The co-founders have led seven successful cybersecurity acquisitions to date, including exits to Symantec, McAfee, Sourcefire, Cisco and IBM. Headquartered in Austin, TX, with a presence in Calgary, Alberta, Canada, the company has seasoned employees across the US and Canada.

Learn more at https://www.cmdzero.io/ and follow the Command Zero LinkedIn page.

Contact

Erdem Menges || VP of Product Marketing || press@cmdzero.io
