1、MarketPulse Survey �����for Splunk:Leveraging data to improve cybersecurity postureNovember 8,2022Foundry Research2Method and ObjectivesSurvey goalsTo understand ��������how public and private sectors are leveraging and sharing data to adapt to an evolving cybersecurity landscape.In this survey we determine:how
2、public and private������ sector organizations are using data to address cybersecurity prioritiesobstacles to acting on data to improve cybersecurit����y posturethe extent to which cybersecurity intelligence is shared within and outside sectorsthe security-related data that is most important to sharethe most a
3、ppealing benefits of sharing cybersecurity intelligenceplanned investments over the next 12 months to maximize cyber�����security budgetsTotal r������espondents 210Collection methodOnline questionnaireGeography U.S.Field datesOctober 18,2022 November 2,2022Number of questions 16Average organization size 5,643
4、employeesSenior Decision-makersRespondents are employed in IT and IT/Data Security management roles.Respondent Profile34Base 210(Public sector 100;Private sector 110)Industry/sector20%17%11%7%6%4%4%4%4%3%3%3%�����3%2%2%2%1%1%1%Private sector52%Public sector48%5S5:Approximately how many people are employe
5、d in your entire organization or agency?Base 210The average organization size is 5,643 employees 6%12%9%10%17%22%25%20,000 or more10,000-19,9997,500-9,9995,000-7,4992,500-4,9991,000-2,499500-999Company Size by Number of Employees6S3:���How are you involved in cybersecurity and/or data security technolo
6、gy decisions at organization/agency?Base 210100%are involved in cybersecurity technology decisions79%61%58%69%55%Influence purchase decisionsEv��������aluate products/solutionsRecommend products/solutionsApprove the final purchaseImplement/manageproducts/solutionsInvolvement in cybersecurity/data security t
7、echnology d�������ecisions7S4:Which of the following best describes your job title?Base:210Forty-two percent(42%)hold VP and above titles4%3%3%2%2%9%5%12%2%27%21%9%CIO(Chief Information Officer)CTO(Chief Technology Officer)CSO(Chief Security Officer)CISO(Chief Information Security Officer)CDO(Chief Da�����ta Of
8、ficer)Executive VP,Senior VP of ITExecutive VP,Senior VP of IT Security/Data SecurityVP of ITVP of IT Security/Data SecurityDirector of ITDirector of�������� IT Security/Data SecuritySOC ManagerJob Title8Executive SummaryExecutive SummaryCYBERSECURITY PRIORITIESPublic and private sector share similar cybers
9、ecurity priorities.Topping the list are improving threat response/remediat�����ion(55%among public sector and 53%among private sector respondents),improving detection of emerging threats(49%and 47%,respectively)and improving user security awareness(46%and 50%).Private sector respondents are more likely t
10、o prioritize securing the supply chain(37%compared to 28%among public sector respondents)and enabling secure WFH/remote work(31%compared to 22%).USE OF DATA TO ADDRESS PRIORITIES AND MANDATESWhile the top uses of data are consistent across sectors,private sector organizations are lever��������aging data mor
11、e broadly to address cybersecurity.Both public and private sector organizations are likely to be leveraging data to mon����itor cybersecurity activity(66%and 65%),perform risk assessments(59%and 58%)and analyze threat ��������intelligence(60%and 56%).Public sector agencies are more likely to be using data to in
12、vestigate fraud(62%compared to 52%among those in the private sector),while private sector organizations are more often analyzing OT data(63%versus 47%among public sector respondents),leveraging predictive analytics(43%vs.31%)and using log management data(35%versus 27%).CHALLENGES OF LE�������VERAGING DATA
13、TO IMPROVE CYBERSECURITY POSTUREPublic sector organizations are more likely to struggle�������� with leveraging data to detect and prevent threats(63%compared to 49%of private secto������r respondents)and/or mitigate cybersecurity events(66%versus 56%).More than half of all agencies and organizations report its c
14、hallenging to leverage data to inform cybersecurity decisions,detect and prevent threats and/or mitigate events.Skills gaps(40%among both public and private sector respondents),lack of resources(31%public sector,35%private sector),data integration(28%and 33%)and lack of visibility int�����o the threat la
15、ndscape(32%and 29%)are common top challenges inhibiting the ability t�����o act on data.Public������ sector respondents more often report conflicts or tension around data ownership(25%versus 18%among private sector),and excess“noise”from connected systems(23%versus 13%).9Executive Summary(continued)SHARING OF
16、CYBERSECURITY INTELLIGENCEPublic secto�����r respondents are significantly more likely to report their agencies share cybersecurity intelligence with other ������agencies or organizations in their sector(83%regularly share data within their sector versus 49%of private sector respondents).Both public and privat
17、e sector agencies/organizations are less likely to share cybersecurity intelligence outside(versus within)their sec������tor.Forty-two percent(42%)of public sector respondents report shar�������ing data with private sector organizations,and 38%of private sector respondents report regularly sharing data with gove
18、rnment agencies.Approximately one in ten respondents reports their agencies/organizations participate in ISACs or ISAOs(9%of public sector and 12%of private s������ector respondents).Threat intelligence(63%of public sector and 72%of private sector organizations,respectively)and train�����ing materials/best pra
19、ctices(59%and 71%)a������re the most common types of information shared within or outside of respondents sectors.Agencies and organizations that share data outside of their sector are more likely to share threat intelligence(76%compared to 58%of those who only share data within their sect�����or).Real-time inf
20��������、ormation about security events is least likely to be shared(34%report they share this data today),though a majority consider it important(60%of public sector and 69%of private sector respondents).Forty-f��our percent(44%)of public sector respondents indicate shared cybersecurity intelligence available
21、 to them is lacking for their needs,compar�������ed to 29%of private sector respondents.Eighteen percent(18%)of public sector respondents and 25%of private sector respondents report cybers�������ecurity intelligence is“more than adequate”for their needs and 34%and 45%,respectively,indicate it is“adequate”.Improve
22、d a�����gility to react to threats stands out among private sector respondents as a benefit of sharing cybersecurity intelligence(44%of private sector respondents rank this as the number one benefit,versus 36%of public sector respondents).Most private sector respondents(84%)indicate time spent gathering
23、disparate data inhibits their ability to be agile and respond in real-time to security events(compared to 56%of public sector respondents).10Executive Summary(continued)TECHNOLOGY INVESTMENTS AND BUDGETS������Threat analysis/classification and prioritization of alerts are cited as the top two potentially
24、time-saving automat������ions for cybersecurity/IT/data teams.Private sector respondents show more interest in ��������automating user behavior analytics(57%versus 46%of public sector respondents),while those in the public sector are more likely to indicate automation of incident response would be a time-saver(56
25、%versus 45%of those in the private sector).Public sector or����ganizations are more likely to report that day-to-day cybersecurity teams frequently have input when planning technology investments(64%versus 53%of those at priv������ate sector organizations).Additionally,organizations that regularly share cyber
26、security intelligence are more likely to solicit input on investments from teams managing day-to-day workloads(63%versus 42%of all others).Budget is an obstacle to addressing cybersecurity priorities and mandates at three-quart����ers of respondents organizations.Most public sector respondents report bu
27、dget is an obstacle to a great extent(48%)or to some e���xtent(31%).Three-quarters of private sector respondents likewise indicate that budget is standing in the way to a great extent(35%)or to some extent(40%).More than one-third indicate cybersecurity budget is too low to ������address priorities and manda
28、tes(44%of public sector,35%of private sector).Top planned investments to address cybersecurity priorities include monit�����oring/alerting(60%of public sector and 59%of private sector respondents),threat intelligence(44%and 46%),and s�������ecurity assessments(40%and 45%).Private sector respondents are more lik
29、ely to be planning investments in SOAR(41%versus 34%of public sector respondents),centralized log management(32%compared to 21%),and observability(28%versus 14%).1112Results13Q1:What are your organizations/agencys top cybersecurity priorities over the ������next 12 months?Base:100 in the public sector;110
30、 in the private sectorPublic and priv��������ate sector share similar cybersecurity priorities55%49%46%36%28%31%28%22%53%47%50%32%37%2�����2%27%31%Improving threat response/remediationcapabilitiesImproving detection of emerging threats(e.g.,ransomware)Improving user security awarenessImproving citizen/customer e
31、xperiencesSecuring the supply chainMeeting governance&comp������liance regulationsBuilding trust in systems and processesEnabling secure WFH/remote workTop cybersecurity priorities(Select and rank the top 3)Public sectorPrivate sector14Q2:In which of the following ways is your organization/agency leveragi
32、ng data to address your cybersecurity priorities?Base:100 in the public sector;110 in the private sect�������orWhile the top uses of data are consistent across sectors,private s������ector organizations are leveraging data more broadly to address cybersecurity66%59%60%62%47%44%31%27%65%58%56%52%63%50%43%35%Monit
33、oring cybersecurity activityPerforming risk assessmentsAnalyzing threat intelligenceAnalyzing/investigating fraudAnalyzing data from operationa������l technology(OT)Integrating/adopting cybersecurity frameworksPredictive analyticsLog managementWays in which organizations are leveraging data to address cyb
34、ersecurity priorities(Select all that apply)Public sectorPrivate sector15Q3:How challenging is it for your organization/agency to access and ������leverage data to accomplish the following?Base 100 Public sector;110 Private sectorPublic sector organizations are more likely to struggle with leverag������ing data
35、 to������� detect,prevent and/or mitigate cybersecurity events5�����2%63%66%50%49%56%Inform cybersecurity strategy decisionsDetect and prevent cybersecurity threatsMitigate/recover from cybersecurity eventsChallenge of accessing/leveraging data to(%indicating very/somewhat challenging)Public sectorPrivate secto
36、r16Q4:What challenges������� are inhibiting your organizations/agencys ability to act on data to improve your cybersecurity posture?Base:100 in the public sector;110 in the private sectorSkills gaps,lack of resources,data integration and lack of visibility into the threat landscape are top challenges inhib
37、iting the ability to act on data40%31%28%32%26%25%23%25%19%23%15%13%40%35%33%29%28%28%27%18%18%13%15%15%Gaps in cybersecurity skills/expertiseLack of time ������or IT resourcesData integrationLack of visibility into the threat landscape(assets,OT environments,etc.)Legacy systemsBudget constraintsLack of a
38、utomationConflicts or tension around data ownershipDisparate/overl��������apping toolsExcess noise from connected devices andsystemsUndocumented protocols/processesLack of understanding regarding where to startChallenges inhibiting the ability to act on data(Select and rank the top 3)Public sectorPrivate se
39、ctorPublic sector respondents more often report conflicts or tension around data ownership,and excess“noise”from conn������ected systems.17Q5:Is your organization/agency sharing cybersecurity intelligence regularly with other organizations and agencies to address cybersecurity mandates and priorities?Base
40、 100 Public sector;110 Private sectorPublic sector respondents are significantly more likely to report their agencies share cybersecurity intelligence with other public sector agencies or organizations83%5%12%49%21%28%Yes,we are sharing intelligence regularlyYe������s,while we arent ������sharing intelligence o
41、n aconsistent basis we are willingNo,we are not willing to share intelligenceSharing cybersecurity intelligence regularly with�������in sectorPublic sector(sharing with other public sector agencies)Private sector(sharing w������ith other private sector organizations)18Q5:Is your organization/agency sharing cyber
42、security intelligence regularly with other organizations and agencies to address cybersecurity mandates and priorities?Base 100 Public sector;110 Private sectorAgencies/organizations are less likely to share cyb�������ersecu����rity intelligence outside of their sector42%8%49%38%13%48%Yes,we are sharing intell
43、igence regularlyYes,while we arent sharing intelligen�������ce on aconsistent basis we are willingNo,we are not willing to share intelligenceSharing cybersecurity intelligence regularly outside of sectorPublic sector(sharing with private sector)Private sector(sharing with government agencies/contractors)19
44、Q6:Does your organization/agency participate in any Informat������ion Sharing and Analysis Centers(ISACs)or Information Sharing andAnalysis Organizations(ISAOs)?Base 100 Public sector;110 Private sectorApproximately one in ten respondents reports their agencies/organizations ������participate in ISACs or ISAOs9
45、%91%0%12%87%1%YesNoDont knowParticipation in ISACs and/or ISAOsPublic sectorPrivate sectorAuto-ISAC(3 mentions)AVIATION ISACBIO-ISACCalCISO������CISCPCompTIA ISAOEMR-ISACFS-ISACIT-ISACLABEOCMULTI-STATE ISACPT-ISACRH-ISACRISSST-ISACTX-ISAO(2 mentions)20Q7:What types of cybersecurity-related data is your or
46、gan�����ization/agency currently sharing with others inside or outside of your sector?Base 88 Public sector;76 Private sectorThreat intelligence and training materials/best practices are the most common types of information shared within or outside of respondents sectors63%59%44%38%72%71%43%29%Threat int
47、elligence and actorsCybersecurity����� trainingmaterials/B�������est practicesBenchmark dataReal-time information aboutsecurity eventsTypes of cybersecurity data shared within or outside of sector(among those sharing data)Public sectorPrivate sector21Q7:What types of cybersecurity-related data is your organizat
48、ion/agency currently sharing wi�������th others inside or outside of your sector?Base 84 sharing any �����data outside of their sector;80 not sharing any data outside of their sectorAgencies and organizations that share data outside of their sector are more likely to share threat intelligence76%69%35%38%58%60%5
49、4%29%Threat intelligence and actorsCybersecurity trainingmaterials/Best practicesBenchmark dataReal-time informa������tion aboutsecurity eventsTypes of cybersecurity data shared within or outside of sector(among those sharing data)Sharing any data outside of sectorNot sharing any data outside of sector22Q
50、8:What types of cybersecurity-related data is most important to share with others inside or outside of your sector?Base:100 in the public sector;110 in the private secto������r;164 sharing data todayReal-time information about security events is least likely to be shared today,though a major������ity consider i
51、t important79%69%60%36%68%63%69%3������1%65%67%3������4%44%Cybersecurity training materials/bestpracticesThreat intelligence and actorsReal-time information about security eventsBenchmark dataCybersecurity-related data most important to share(Among all respondents;Select and rank the top 3)Public sector-Importa
52、nt to sharePrivate sector-Important to shareBeing shared today(among all sharing data)23Q9:How would you describe the sha������red cybersecurity intelligence available to your organization/agency today?Base 100 Public sector;110 Private sectorForty-four percent(44%)of public sector respondents indicate sh
53、ared cybersecurity intelligence available to them is lackin������g for their needs 18%34%27%17%25%45%28%1%More than adequate for our needsAdequate for our needsSomewhat lacking for our needsSignificantly lacking for our needsHow would you describe the shared cybersecurity intelligence available to your or
54、ganization/agency today?Public sectorPrivate sector24Q10:What are the most appealing potential benefits of s�������haring data with others inside or outside of your sector?Base:100 in the public sector;110 in the private sectorImproved agility to react to threats stands out among private sector respondents
55、 as a benefit of sharing cybe��������rsecurity intelligence36%32%29%44%34%23%Improved agility to react to cybersecurity threatsand eventsGreater visibility into the networkTargeted preventative and proactive measuresM�������ost appealing potential benefits of sharing cybersecurity intelligence(%ranking as#1)Public
56、 sectorPrivate sector25Q11:From your perspective,how often does time spent on gathering disparate data inhibit your organizations/agencys ability to be agile and respond in real-time?Base 100 Public sector;110 Private sectorMost private sector res������pondents(84%)indicate time spent gathering disparate
57、data inhibits their ability to be agile and resp�������ond in real-time to security events21%35%22%22%37%4����7%7%9%FrequentlySometimesRarelyNeverHow often does time spent on gathering disparate data inhibit your organizations/agencys ability to be agile and respond in real-time?Public sectorPrivate sector26Q1
58、2:What types of automations would be the biggest time savers for your cybersecurity/IT������/data teams?Base:100 in the public sector;110 in the private sectorThreat analysis/classification a�����nd prioritization of alerts are cited as the top two potentially time-saving automations for cybersecurity/IT/data
59、teams68%62%46%54%56%40%73%66%57%49%45%47%Threat analysis/classificationPrioritizing alerts/threatsUser behavior analyticsWorkflow efficiencyIncident response(based on pre-determinedplaybooks)Incident/case manage������mentNoneTypes of automations that������� would be the biggest time savers for cybersecurity/IT/d
60、ata teams(Select all that apply)Public sectorPrivate sector27Q13:Does your organization/a����gency solicit input from the teams that are managing day-to-day cybersecurity workloads when planning cybersecurity investments?Base 100 Public sector;110 Private sectorPublic sector organizations are more likel
61、y to report that day-to-day cybersecurity teams frequently have input when plan�������ning technology investments64%21%14%1%53%35%12%1%Yes,frequentlyYes,sometimesRarelyN������everDoes your organization/agency solicit input from the teams that are managing day-to-day cybersecurity workloads when planning cybersec
62、urity investments?Public sectorPrivate sector28Q13:Does your organization/agency solicit input from ������the teams that are managing day-to-day cybersecurity workloads when planning cybersecurity investments?Base 164 sharing data;56 not sharing data Organizations that regularly share cybersecurity intell
63、igence are more likely to solicit input on investments from teams managing day-to-day workloads63%24%13%1%42%43%12%2%Yes,frequentlyYes,sometimesRarelyNeverDoes your organization/agency solicit input from the teams that are managing day-to-day cybers��������ecurity workloads when planning cybersecurity inves
64、tments?Sharing cybersecurity data within or outside sectorNot sharing cybersecurity data within or outside of sector29Q14:To what extent is available budget inhibiting your organizations/agencys ability to address cybersecurity pr������iorities and mandates?Base 100 Public sector;110 Private sectorB������udget
65、is an obstacle to addressing cybe��������rsecurity priorities and mandates at three-quarters of respondents organizations48%31%21%35%40%25%To a great extentTo some extentNot at al�����lTo what extent is available budget inhibiting your organizations/agencys ability to address cybersecurity priorities and mandate
66、s?Publi�����c sectorPrivate sector79%of public sector respondents(to a great/to some extent)75%of private sector respondents(to a great/to some extent)30Q15:From your perspective,is your organizations cybersecurity budget adequate to address existing cybersecurity p�����riorities and mandates?Base 100 Public
67、sector;110 Private sectorMore than one-third �������indicate cybersecurity budget is too low to address priorities and mandates(44%of public sector,35%of private sector)56%44%65%35%Yes,we have enough budgetNo,the budget is too lowDont knowFrom your perspective,is your organizations cybersecurity����� budget ade
68、quate to address existing cybersecurity priorities and mandates?Public sectorPrivate sector31Q16:In which of the following areas is your organization/agency planning to invest over the next 12 months to maximize your budg������et as you address cybersecurity man�����dates and priorities?Base:100 in the public
69、sector;11����0 in the private sectorTop planned investments to address cybersecurity priorities include monitoring/alerting,threat intelligence,and security assessments.60%44%40%36%36%34%21%14%59%46%45%40%31%41%32%28%Cybersecurity monitoring/alertingThreat intellig�������enceSecurity assessmentsSecurity traini
70、ngSecurity frameworks(e.g.,zero trust)Security Orchestration,Automation andResponse(SOAR)Centralized log managementObservabilityPlanned investment������s to maximize cybersecurity budget Next 12 months(Select the top 3)Public sectorPrivate sector32APPENDIX33Q1:What are your organizations/agencys top cyber
71、security priorities over the next 12 months?Base:100 in the public se������ctor17%18%14%17%10%9%10%5%19%13%19%6%11%9%12%9%19%18%13%13%10%10%6%8%55%49%46%36%31%28%28%22%Improving thr�������eat response/remediation capabilitiesImproving detection of emerging threats(e.g.,ransomware)Improving user security awarenes
72、sImproving citizen/customer experiencesMeeting governance&compliance regulationsSecuring the supply chainBuilding trust in systems and processesEnabling secure WFH/remote workPUBLIC SECTOR:Top cybersecurity priori��������tiesRank 1Rank 2Rank 3SUM34Q1:What are your organizations/agencys top cybersecurity pri
73、orities over the next 12 months?Base:110 in the private sector15%20%17%14%9%8%9%7%18%14%15%14%12%9%13%5%20%16%������15%9%11%14%5%10%53%50%47%37%32%31%27%22%Improving threat response/remediation capabilitiesImproving user security awarenessImproving detection of emerging threats(e.g.,ran�����somware)Securing th
74、e supply chainImproving citizen/customer experiencesEnabling secure WFH/remote workBuilding trust in systems and processesMeeting governance&compliance regulationsPRIVATE SECTOR:Top cybersecurity prioritiesRank 1Rank 2Rank 3SUM35Q4:What challenges are inhibiting your organiz������ations/agencys ability to
75������、 act on data to improve your������� cybersecurity posture?Base:100 in the public sector14%13%7%7%8%10%12%5%5%7%8%4%5%11%13%11%11%10%11%11%9%2%0%6%21%8%11%10%7%5%2%7%9%10%7%3%40%32%31%28%26%25%25%23%23%19%15%13%Gaps in cybersecurity skills/expertiseLack of visibility into the threat landscape(assets,OTenvir
76、onments,etc.)Lack of time or IT resourcesData integrationLegacy systemsBudget constraintsConflicts or tension around data ownershipExcess noise from connected��������� devices and systemsLack of automationDisparate/overlapp�����ing toolsUndocumented protocols/processesLack of understanding regarding where to star
�����77、tPUBLIC SECTOR:Challenges inhibiting the ability to act on dataRank 1Rank 2Rank 3SUM36Q4:What challenges are inhibiting your organizations/agencys ability to act on data to improve your cybersecurity posture?Base:110 in the private sector11%15%1�������5%11%8%10%7%6%5%4%5%4%13%9%7%12%11%10%7%8%6%9%4%4%16%12
78、%11%6%9%8%13%4%7%3%5%5%40%35%33%29%28%28%27%18%18%15%15%13%Gaps in cybersecurity skills/expertiseLack of time or IT resourcesData integrationLack of visibility into the threat landscape(asset������s,OTenvironments,etc.)Legacy systemsBudget constraintsLack of automationDisparate/overlapping toolsConflicts
79、or tension around data ownershipLack of understanding regarding where to st�������artUndocumented protocols/processesExcess noise from connected devices and systemsPRIVATE SECTOR:Challenges inhibiting the ability to act on dataRank 1Rank 2Rank 3SUM37Q8:What types of cybersecurity-related data is most impor
80、tant to sha�����re with others inside or outside of your sector?Base:100 in the public sector36%24%18%10%26%19%20%9%17%26%22%17%79%69%60%36%Cybersecurity training materials/Best practices�������Threat intelligence and actorsReal-time information about security eventsBenchmark dataPUBLIC SECTOR:Cybersecurity-rel
81、ated data most important to shareRank 1Rank 2Rank 3SUM38Q8:What types of cybersecurity-related data is most important to share with others inside or outside of your sector?Base:110 in the private sector24%25%18%14%21%19%25%7%24%24%20%10%69%68%63%31%Real-time information about secur��������ity eventsCybersec
82、ur�����ity training materials/Best practicesThreat intelligence and actorsBenchmark dataPRIVATE SECTOR:Cybersecurity-related data most important to shareRank 1Rank 2Rank 3SUM39Q10:What are the most appealing potential benefits of sharing data with othe�����rs inside or outside of your sector?Base:100 in the p
83、ublic sector36%32%29%38%29%34%25%38%36%Improved agilit������y to react to cybersecurity threats andeventsGreater visibility into the networkTargeted preventative and proactive measuresPUBLIC SECTOR:Most appealing benefits of sharing cybe��������rsecurity intelligenceRank 1Rank 2Rank 340Q10:What are the most appea
84、ling potential benefits of sharing data with others inside or outside of your sector?Base:110 in the private sector44%34%23%32%27%31%25%39%46%Improved agility to react to cybersecurity threats andeventsGreater visibility into the networkTargeted preventative and proactive measuresPRIVATE SECTOR:Most a����ppealing benefits of sharing cybersecurity intelligenceRank 1Rank 2Rank 3Contact41 Jen Garofalo Research Director Email:jen_
sgpjbg002
工作日 8:30 - 17:30
报告分类
