Threat Detection Software Tools: Research Explores Build vs. Buy Debate -

A cyber threat research study reveals that 55% of organizations have built their own detection tool but less than half found it to be highly effective. Whether or not that figure reflects your own organization’s reality, Panther Labs uncovers intriguing findings in its new report, "State of Threat Detection and Response."

Panther Labs, a San Francisco, California-based cybersecurity company specializing in cloud-scale detection and response, surveyed 400 U.S. security practitioners for its report. To reflect the "boots on the ground" perspective for security teams, survey respondents were primarily security analysts and security engineers.

As part of its research, Panther Labs’ probed the effectiveness of its own tools and processes, the challenges they face, and projections for the future. The research also includes Panther Labs' recommendations for cyber security improvements — so MSPs and MSSPs may want to take note.

Cyber Threat Alerts Give Way to False Positives

Data breaches are at an all-time high, and the ways malicious actors go after vulnerable organizations are becoming increasingly sophisticated. As such, security teams face unprecedented challenges in protecting their organizations, according to the Panther Labs report.

Adding to the challenges for security teams are threat detection and response activities being hampered by tools that haven’t evolved to manage the massive amount of data generated by today’s cloud infrastructure and applications.

With this reality in mind, Panther Labs offers these key findings:

55% of respondents have built their own detection and response tool, but less than half found it to be highly effective. The need to build their own tools likely stems from dissatisfaction with the tools available. In fact, 25% said the tool they built was highly ineffective.

The biggest challenge is efficiency. Most respondents say efficiency issues, such time wasted on false positives and a lack of efficient processes, are their biggest challenges today.

Automation would make them more effective. Respondents believe that automating manual tasks would have the greatest impact on making security operations more efficient.

Over the last 12 months, 48% of respondents have seen a three-fold increase in the number of alerts per day. This is an alarming growth rate, says Panther Labs, compounds an already problematic situation for teams already stretched thin.

More than 50% of respondents find that at least half of alerts are false positives. Managing a high volume of false positives is contributing to alert fatigue and impacting security teams' ability to focus on more high-value tasks.

Panther Labs Issues Wakeup Call

Jack Naglieri, CEO and founder of Panther Labs, adds perspective to his company’s research:

"Threat detection and response at modern scale is challenging, no matter how large or experienced your team is. The answers provided by our respondents confirm what many security practitioners experience firsthand every day: commercial tools are often not living up to their expectations, but security teams also struggle to build their own internal tooling that can perform as needed."

However, the report reveals a disparity of opinion involving threat detection and response programs as a top priority over the next 12 months. “Ensuring complete coverage of organizational resources” is the top priority of 16.9% of respondents, and the priorities break down from there.

The No. 2 response is a tie, as 13.5% say either “advancing our cloud security posture” or “adding more security sensors” is their top choice. “Improving the speed of our response rate” and “other” tie at 11.8%, and 10.1% report “aggregating security logs into a single place” or “reducing false positives.” Other choices include “getting management buy-in to expand funding” (8.4%) and “generating better reporting metrics” (3.3%).

For more survey responses and added perspective, download a full copy of the report.