Incidents getting critical? Here’s why visibility matters to cloud incident response
New research from the leading SIEM vendor Splunk has found that 66% of organizations are struggling to cope with IT incidents, as they deal with an average of 1,200 events a month. Of those incidents, five per month were described as ‘critical’, with slow detection times meaning that the average cost to restore normal services was more than $140,000 per critical incident – or put another way, over $700,000 per month.
One of the key reasons cited by IT teams for those slow response times was a lack of visibility across their organization’s networks, with 80% reporting that they had blind spots in the network. The report also revealed a correlation between the number of organizations that admitted to having blind spots, and those which felt they could improve their response times, with 80% also admitting they could improve their Mean Time to Detect (MTTD) for critical incidents.
When visibility is poor, incidents that could otherwise be quickly remediated can escalate, and the follow-on effect is that resolution times also increase and become more resource-intensive. What’s more, it becomes difficult for IT teams to prioritize events and determine which are critical, and which can be dealt with later.
The report highlighted that the complexity of IT systems and the tools that monitor them leaves many organizations without an adequate, holistic end-to-end view of their IT infrastructure. However, if the visibility issue is addressed, IT teams will find it easier to pinpoint the issue, determine the root cause and rectify the problem quickly, before it grows and spreads.
Improving visibility will also mean that IT staff can access data from areas of infrastructure beyond their own remit. But they need help to see through the noise; according to the report, “Having tools that can provide good visibility of IT infrastructure leads to faster detection and investigation of incidents, and improves root cause analysis.”
When the cloud obscures visibility
The visibility issue is exacerbated when it comes to the cloud. According to Splunk’s report, visibility is clearest in traditional on-premise networks, but it is at its lowest in next-generation technologies including cloud environments and containers. As a result, only 2.5% of respondents reported having full visibility across the entire IT infrastructure.
This supports the findings of our recent Cloud User Survey, which found that 88% of respondents said that poor visibility into their public clouds has already caused them to suffer negative outcomes. Without the right tools, visibility issues will only increase as infrastructures become larger and more complex.
And with recent research finding that 90% of organizations now use cloud within their IT infrastructure, and 69% plan to adopt a multi-cloud strategy by 2019, it’s clear that IT teams will need full visibility into all areas of the network in order to enable them to deal with incidents efficiently.
Getting a clear view of critical incidents
To achieve this, organizations require effective cloud visibility solutions that run alongside and support security information and event management (SIEM) tools. This enables faster detection times, quick investigation and root cause analysis, and drives down the time and costs of dealing with incidents.
That’s why Ixia introduced its cloud visibility platform, CloudLens, which is unique in giving a clear end-to-end view across all your cloud environments – whether they are public, private, or hybrid. CloudLens captures and processes the packet-level data that all your environments’ security, monitoring and analysis tools need to support and enable quick, decisive action to mitigate the impact of incidents.