New Study Uncovers Network Security’s Biggest Challenges

Key findings from Osterman Research reveal some surprises about security staff roles, priorities and pain points at midsize and large organizations

ProtectWise, provider of Cloud-delivered Network Detection and Response (NDR), has released a new report, “The Evolving State of Network Security,” based on a study conducted by Osterman Research. The study polled 400 security analysts in the U.S., across organizations with 1,000 or more employees, about the biggest network security challenges from the inside out—from staffing priorities to the need for specialized roles and the inherent limitations of endpoint security. The survey found that security staffing is significantly disproportionate to headcount: one security staff member for every 1,488 employees at large organizations, versus one for every 189 employees at the smaller organizations surveyed.

“The current security climate poses a number of challenges for organizations of all sizes plagued by an overload of false positives and alerts, on top of having to manage a lot of infrastructure,” said Gene Stevens, Co-Founder & CTO of ProtectWise. “This research tells us that businesses of all sizes are feeling the burn of alert fatigue and are starting to create specialized roles to tackle all sides of security. They are also using threat intelligence to significantly improve remediation times. Simultaneously, we’re seeing a move away from a sole reliance on endpoint products to a combined approach with those same demands now being expected of network security solutions.”

Top findings from the State of Network Security report include:

  • Security hiring does not scale equally at the largest enterprises (over 4,000 employees). The mean number of employees at the largest organizations surveyed was nearly 26,000. These companies had an average of 17.5 security personnel, or one security pro for every 1,488 employees. The mean number of employees at the midsized companies surveyed was almost 2,510. These companies had an average of 13.3 security personnel, or one security pro for every 189 employees.

  • Regardless of organization size, the amount of time spent on identifying and remediating security incidents over the next two years is expected to increase significantly. It is anticipated to nearly double for larger organizations. However, more sophisticated organizations that invest in threat intelligence roles are shown to significantly reduce the volume of security alerts, decrease the volume of false positives, and spend less time on detecting and understanding threats than companies of the same size without the specialized roles.

  • Large organizations are beginning to invest in specialized roles, but smaller to midsize businesses are lagging in making similar investments. Forty-one percent of midsized organizations surveyed (1,501 to 4,000 employees) don’t have specialized teams compared to 69 percent of larger organizations (over 4,000 employees) that do. The top three specialized roles in large companies include: SOC Analysts Level 1/Event Triage (69 percent); Governance Risk and Compliance (61 percent); and Security Solution Management (52 percent).

  • Security teams within smaller organizations spend more time and resources on triage. Meanwhile, security teams in the largest organizations are prioritizing threat intelligence, forensics and threat hunting.

  • Among various specializations, organizations with threat intelligence roles appear to gain the most significant benefits. Effectiveness seems to increase as teams transition from a simple focus on triage, to triage and threat hunting, finally evolving to triage, threat hunting and threat intelligence. Organizations with a threat intelligence role spend less than 50 percent of their time detecting and understanding threats.

  • The type of products used for remediation indicates organizations are evolving their strategies with network security, as large organizations become less reliant on endpoint security. More than 50 percent of organizations are using both endpoint and network security for remediation. The reliance on endpoint-only products decreases as organization size increases.

“Despite the amount of public discussion, the use of endpoint security to remediate security incidents may be more suitable for smaller organizations and/or those with less complex environments, with organizations graduating to network security as the size of the organization, security team and the number of alerts and threats increases,” said Michael Osterman, principal analyst of Osterman Research. “Organizations of all sizes should also look to create specialized roles and consider threat intelligence as a means to keep pace with the evolving threat landscape.”

To see the full results of the survey and download a copy of the report, please visit:

About ProtectWise
ProtectWise™ provides Cloud-delivered Network Detection & Response (NDR). Organizations can achieve defense-in-depth via advanced analytics in Enterprise, Cloud and Industrial environments with real-time and retrospective detections. Full-fidelity packet captures, indexed and retained indefinitely, create a perfect, rapidly searchable network memory. By unifying detections and forensics in an intuitive and immersive visualizer, The ProtectWise Grid™ delivers unique advantages over current security products. The platform integrates with hundreds of existing security products, features the ease and cost-savings of an on-demand deployment model and enables companies to consolidate multiple, disconnected point products.


Founded in April 2013, ProtectWise is based in Denver and led by a team of security and SaaS industry veterans from McAfee, CrowdStrike and Symantec. Register for a free 72-hour test drive of The ProtectWise Grid at