
Latest news with #MichaelFanning

Security teams overwhelmed by tool maintenance, wary of AI amid rising breaches: Splunk report

India Gazette

21-05-2025


New Delhi [India] May 21 (ANI): A recent report from Splunk revealed that security teams are overwhelmed by tool maintenance, leaving them little time to focus on actual threats. The 'State of Security 2025' report highlights the challenges security organisations face in today's complex threat landscape.

The report revealed that 46% of respondents spend more time maintaining security tools than defending against threats, while 66% of organisations experienced a data breach in the past year. Only 11% of respondents have complete confidence in AI for critical security tasks, added the report.

'Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organisation,' said Michael Fanning, CISO at Splunk.

The report pointed to significant operational inefficiencies. For example, a majority (59%) cite tool maintenance as a primary drain, and 78% report their security tools are dispersed and disconnected, which creates considerable challenges for 69% of respondents. This leads to wasted investigation time due to data management gaps (57%), alert fatigue (59%), and an excess of false positives (55%).

The report also finds that Security Operations Centre (SOC) analysts are facing immense pressure. Over half report being overworked, and a similar number have considered leaving cybersecurity due to stress.

While wary of complete AI reliance, organisations recognise its potential. 59% of respondents have seen efficiency gains with AI, and 56% have prioritised its application to security workflows. AI is currently used for threat intelligence analysis (33%), querying security data (31%), and policy creation (29%), according to the report.

The report highlighted the value of a unified security approach. Notably, 78% of respondents who share data with observability teams reported faster incident detection, and 66% noted quicker remediation.

The 'State of Security 2025' report emphasised the need for organisations to adopt connected security operations, integrating human expertise with AI advancements to combat the evolving threat landscape effectively. (ANI)

AI investment rises as security teams battle skills shortages

Techday NZ

20-05-2025


Splunk has published its "State of Security 2025" global research report, detailing the challenges currently faced by Security Operations Centres (SOCs) in managing cyber threats and operational demands. The report identifies significant trends affecting security teams worldwide, including the growing role of artificial intelligence (AI) in security operations, persistent understaffing, and the complications arising from fragmented security toolsets.

According to the report, 59% of security professionals surveyed stated that AI has moderately or significantly improved their efficiency. In Australia and New Zealand (ANZ), 71% of organisations are increasing their investment in AI and machine learning technologies.

Staffing shortfalls also remained a concern, with 49% of respondents identifying understaffing and skills gaps as critical issues for their security teams. These shortages, combined with technological inefficiencies, are contributing factors to operational delays and increased workload pressure.

A notable 78% of survey respondents reported difficulties stemming from dispersed and disconnected security tools, which impacts their ability to respond promptly and effectively to threats. The research found that 59% of organisations view tool maintenance as their biggest source of inefficiency, with 46% indicating they spend more time on maintaining tools than on defending their organisation from threats.

When examining the consequences of these challenges, the report revealed that 66% of organisations experienced a data breach in the past year, making it the most commonly reported security incident. The reliance on manual processes and inadequately integrated tools was cited as a significant contributor to these breaches.

Despite the increased adoption of AI, only 11% of organisations indicated full confidence in AI's role for mission-critical tasks. This cautious approach reflects broader industry sentiment on the limitations and risks of fully delegating key security decisions to automated systems.

Michael Fanning, Chief Information Security Officer at Splunk, observed, "Organisations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don't see AI taking complete oversight of the SOC – for good reason. Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organisation."

Nate Lesser, Chief Information Security Officer at Children's National Hospital, added, "As cyber threats grow in volume and sophistication, security teams are under constant pressure. According to Splunk's State of Security report, the industry is struggling with escalating workloads, alert fatigue, and a shortage of skilled talent. Integrating AI and automation helps us address these risks and empowers our teams with smarter tools to ensure our organisation remains resilient."

Many organisations are also seeing value in collaborating more closely between security and observability teams. The report indicates that 78% believe sharing data with observability teams leads to quicker incident resolution. In addition, 69% of respondents noted that disconnected and dispersed tools create moderate to significant challenges for their SOCs, hampering their ability to address evolving threats effectively.

The ANZ region exhibited distinctive trends, as highlighted by Shannon Davis, Global Principal Security Researcher at Splunk. Davis stated, "Security teams in Australia and New Zealand (ANZ) are stretched thin, and it's starting to show. Critical projects are being delayed and teams asked to do more with less."

She continued, "What's unique to ANZ is how quickly organisations are moving from awareness to action. Seventy-one percent are ramping up AI investment, not just for threat detection, but to help overburdened teams reclaim time and consistency in day-to-day operations."

Commenting on regional developments in cybersecurity practices, Davis explained, "We're also seeing early traction around Detection as Code or DAC in this region, with a third of ANZ organisations having adopted it. It's an emerging approach to help SOC and engineering teams respond to fast-moving threats. Combine that with growing observability maturity, and ANZ businesses laying down a more resilient foundation, the region is starting to respond to what modern cyber defence demands."

The findings from the "State of Security 2025" report suggest that while organisations globally are facing a combination of internal and external pressures, focused efforts on AI investment, tool integration, and human-centred security operations are shaping the ongoing response to a shifting threat landscape.

Building The Future Of Smarter Security Operations

Forbes

20-05-2025


Security teams are overwhelmed, but a smarter, unified approach—powered by AI and streamlined workflows—could finally bring order to the chaos inside the SOC.

Security Operations Centers are meant to be the command hubs of cybersecurity. But many are bogged down by tool sprawl, false alerts and burned-out teams. Splunk's State of Security 2025 report shows that security teams are spending more time maintaining tools than stopping threats—and it's costing them.

I sat down with Michael Fanning, CISO at Splunk, to talk about what insights the report revealed for him. He summed it up clearly: 'The future SOC is extremely streamlined. Analysts will be freed from mundane, repetitive tasks, so they can apply their expertise where it truly matters: defending the organization.'

SOCs today face a flood of alerts. About 59% of respondents say they get too many, and 55% are dealing with too many false positives. That slows down response times and wears down teams. Nearly half of security professionals say they spend more time managing tools than actually protecting systems.

Fanning noted that this isn't just inefficient—it's demoralizing. Spending an hour on a low-value alert that turns out to be nothing is frustrating, and it adds up fast. Downtime during an incident can cost over $500,000 per hour.

AI is already making a difference in the SOC. About 59% of security leaders say it has improved their team's efficiency. Fanning was surprised by how many teams have already started using it. 'Greater than 50% of the respondents had mentioned that their security operations are already adopting AI in some form or fashion.'

But AI is not a fix-all. It still needs oversight. Only 11% of respondents fully trust AI for mission-critical decisions. Most prefer a 'human-in-the-loop' approach. That means AI helps with repetitive tasks, but people still make the final call. Fanning put it this way: 'I don't see it as a complete replacement, but more of an aid to help an engineer or an analyst do their job faster than they were before.'

Detection engineering is a top skill for modern security teams—but also one of the hardest to find. About 41% of teams say they lack it. Detection as Code is catching on because it lets teams create, test and improve detections like software. But only a third of organizations are using it regularly.

Fanning stressed that quality detection is key. With good data and smart rules, analysts waste less time and respond faster. Better alerts mean better decisions.

Overwork is a serious problem. More than half of SOCs report staff burnout. Many professionals have even thought about leaving the field. Some automation can help—but it also raises new questions. If AI handles the basics, how will new analysts learn the fundamentals?

Fanning pointed out that his early help desk experience gave him the skills to succeed in cybersecurity. If junior staff skip that step, they may lack the deeper knowledge needed to solve complex problems.

Splunk's own SOC has automated many tier-one tasks. But instead of cutting jobs, they use the freed-up time for higher-priority work. It's about shifting focus, not shrinking teams.

One major problem is tool sprawl. Seventy-eight percent of respondents say their tools don't work well together. That makes fast response harder. When teams adopt a unified platform, they report better results—faster response times, less tool upkeep and stronger coverage.

Security is no longer just a job for the SOC. It takes support from across the company—from HR and IT to legal and engineering. But only a small number of teams always share data across these departments. Fanning says that building those connections is crucial for quicker, more accurate responses.

The future of the SOC is about using people, processes and platforms in a smarter way. That means making thoughtful use of AI, improving detection methods, closing skill gaps and unifying security workflows. The threats are faster, and the stakes are higher. But the Splunk report suggests that with the right strategy, SOCs can keep up—and even get ahead.

Global State of Security Report Reveals Critical Need for Connected Security Operations

Associated Press

20-05-2025


SAN FRANCISCO, May 20, 2025 /PRNewswire/ -- Splunk, the cybersecurity and observability leader, today released its "State of Security 2025" global research report, highlighting the mounting challenges faced by Security Operations Centers (SOCs). The report uncovers the pain points that mire down organizations and open their doors to threats – 46% of respondents said they spend more time maintaining tools than defending the organization, while only 11% trust AI completely for mission-critical tasks. Furthermore, 66% experienced a data breach in the past year, making it the most common security incident.

With new threats such as AI-powered attacks, organizations must be fully prepared and confident in protecting themselves and their customers. The common thread in addressing these concerns is to build a unified SOC that combines human expertise with AI advancements.

'Organizations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don't see AI taking complete oversight of the SOC – for good reason,' says Michael Fanning, CISO at Splunk. 'Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organization.'

'As cyber threats grow in volume and sophistication, security teams are under constant pressure,' said Nate Lesser, CISO at Children's National Hospital. 'According to Splunk's State of Security report, the industry is struggling with escalating workloads, alert fatigue, and a shortage of skilled talent. Integrating AI and automation helps us address these risks and empowers our teams with smarter tools to ensure our organization remains resilient.'

Security teams plagued by technological inefficiencies while external threats increase

When SOC workflows aren't operating at their peak, it creates major barriers to effective threat detection and response. The report highlights areas of inefficiencies that create risk for organizations:

Tool maintenance, data silos, and alert fatigue bog down SOC teams.

These day-to-day burdens drain valuable time and impact an analyst's ability to respond quickly and decisively. The report revealed:

SOC analysts are overworked and understaffed

Beyond operational hurdles, the report sheds light on the immense pressure for SOC analysts. High stress levels, chronic understaffing, and burnout are taking a toll and put talent retention and long-term team stability at risk. Findings show that:

GenAI in the SOC is paying long-term dividends for organizations

Organizations see how AI can alleviate operational and staff shortage problems, as 59% have moderately or significantly boosted their efficiency with AI. Over half (56%) have prioritized the application of AI to security workflows this year, while 1 in 3 (33%) plan to fill skills gaps with AI and automation. Compared to publicly available tools, 63% agree that domain-specific AI significantly or extremely enhances security operations. However, AI is not running solo as organizations keep humans in the loop to deliver trustworthy AI outcomes. The top three tasks that GenAI is helping across SOCs included:

A unified approach accelerates operations

Minimizing tool maintenance is just the starting point for the benefits of a unified security platform. Adopting a unified approach for threat detection and response leads to tighter collaboration, bringing more context and speed to investigations. Sharing information across security and observability isn't fully embraced yet, but those who have made the leap report noteworthy advantages. Specifically, 78% of respondents cited faster incident detection, and 66% noted quicker remediation as moderate to transformative benefits.

To learn more and see the full findings, download the 2025 State of Security Report here.

Methodology

In collaboration with Oxford Economics, researchers surveyed 2,058 security leaders (including directors of security, vice presidents of cybersecurity, directors of security operations, and security analysts) October 2024 through December 2024. Respondents were in Australia, France, Germany, India, Japan, New Zealand, Singapore, United Kingdom and United States. They also represented 16 industries: Business services, construction and engineering, consumer packaged goods, education, financial services, government (federal/national, state, and local), healthcare, life sciences, manufacturing, technology, media, oil/gas, retail/wholesale, telecom, transportation/logistics, and utilities.

About Splunk LLC

Splunk, a Cisco company, helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application issues from becoming major incidents, absorb shocks from digital disruptions, and accelerate digital transformation.

Splunk and the Splunk> logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at Third-party trademarks mentioned are the property of their respective owners. The use of the word "partner" does not imply a partnership relationship between Cisco or its affiliates and any other company.

SOURCE Cisco Systems, Inc.
