SANS 2024 Detection and Response Survey Findings

This technical report presents the findings from the SANS 2024 Detection and Response Survey, which aims to gather insights on how organizations manage cybersecurity threats globally. The survey reveals that detection and response capabilities are crucial to an organization's cybersecurity strategy, yet often underfunded. It identifies a split in organizational structures, with some using integrated teams and others employing specialized teams, indicating diverse strategies based on specific needs. Key findings include that 64% of organizations are integrating automated response mechanisms, while only 16% have fully automated their processes. The report highlights that the need for skilled personnel and budget constraints are significant challenges in implementing effective strategies. Additionally, it notes a trend toward increased use of AI and machine learning in threat detection, although many organizations still rely on manual monitoring. The report provides a comprehensive view of current practices and challenges in cybersecurity detection and response, serving as a benchmark for organizations to refine their strategies.