The tenure of an enterprise Chief Information Security Officer (CISO) is said to be less than two years. A change in that position almost always follows a breach that either compromised customer data or attracted media attention. It is easy to understand, then, why CISOs are focused on threats, risks and compliance. Recruiting, hiring and retaining skilled employees is quickly becoming an acute challenge and, in some cases, a competitive differentiator.
However, the numbers tell only part of the story. Threat surfaces are expanding (think cloud, mobile, IoT) and cybercriminals are becoming increasingly sophisticated in their tactics, techniques and procedures (TTPs). Unfortunately, the supply of “guardians” hasn’t kept up.
Today, finding the right cybersecurity talent has become a serious problem across all industries. A 2017 Cybersecurity Trends report states that a lack of skilled security professionals tops the list of obstacles to stronger cyber security (45%), tied with lack of budget!
The combination of a kinetic threat environment and overwhelmed, underfunded security staff means that the scope and sheer quantity of data wears down, if not overwhelms, many security teams.
A recent survey found that 40.4 percent of security professionals say the alerts they receive lack actionable intelligence to investigate, and another 31.9 percent report that they ignore alerts because so many are false positives.
Better automation is top of mind for many security professionals: in a survey by ESG Research, 72 percent say security analytics and operations are more difficult now than two years ago. However, there is a growing acknowledgment that automation, like artificial intelligence, does not replace the need to invest in and focus on the human workforce.
Rather, orchestrating tasks more efficiently and automating where possible frees up teams and individuals for different types of work: higher-order, more complex and abstract, and more impactful work for the organisation.
Much can be done to better orchestrate the existing, routine workflows of security processes. Day-to-day SOC operations that sometimes involve ‘manual’ phone and email communications, filling out operations, compliance and incident reports, and even the use of spreadsheets can be better integrated into an automated workflow.
Applied context and threat intelligence can enable security professionals to focus more quickly on the threats that matter, the real Indicators of Compromise (IoCs).
Automatic correlation of threat intelligence with indicators and network activity/business context provides a clear line of sight through the noise of alerts. This increases not only the return on your investments in security technology, but also on your human capital. Actionable intelligence at hand empowers security analysts and can help them feel they are making a difference.
Advanced threat analysis automatically populates investigations with historical and real-time contextual intelligence, which makes far better use of your experienced security resources. They can quickly isolate network conversations between hosts and connection points of interest.
As the analyst follows the breadcrumbs of suspicious or anomalous behaviour and looks for potential lateral movement, this data should be carried forward automatically. In effect, these recordings can be used to instantiate an investigation or forensics report. They can also be used to show management why certain steps were taken.
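The correlation described above, as an added example that is not part of the original article and not Arbor Networks' code: each alert is matched against a threat-intelligence feed (IP, CIDR range or domain indicators), weighted by the business criticality of the internal asset involved, and ranked so the analyst sees the threats that matter first; a pivot helper then collects every alert touching a given host so context is carried forward into the next step of the investigation. All indicators, hosts and alerts are constructed sample data, and the field names, scoring weights and tier thresholds are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed threat-intelligence feed: indicators may be a single IP, a CIDR
# range or a domain; confidence is 0-100 (values assumed for illustration).
THREAT_INTEL = [
    {"indicator": "203.0.113.45", "confidence": 90, "tag": "known C2"},
    {"indicator": "198.51.100.0/24", "confidence": 40, "tag": "scanner range"},
    {"indicator": "malicious.example", "confidence": 85, "tag": "phishing domain"},
]

# Constructed asset inventory giving business context for internal hosts.
ASSET_CONTEXT = {
    "10.0.5.20": {"name": "payroll-db", "criticality": 3},
    "10.0.7.8": {"name": "kiosk-01", "criticality": 1},
}

# Constructed sample alerts, as a SIEM export might present them.
SAMPLE_ALERTS = [
    {"id": 1, "src": "10.0.5.20", "dst": "203.0.113.45", "domain": None, "sig": "outbound beacon"},
    {"id": 2, "src": "10.0.7.8", "dst": "198.51.100.7", "domain": None, "sig": "port scan"},
    {"id": 3, "src": "10.0.7.8", "dst": "192.0.2.10", "domain": "malicious.example", "sig": "dns query"},
    {"id": 4, "src": "10.0.9.3", "dst": "192.0.2.99", "domain": "intranet.example", "sig": "http request"},
]

# Score thresholds (assumed) mapped to triage tiers, checked top to bottom.
TIERS = [(200, "critical"), (80, "high"), (1, "low"), (0, "informational")]


def indicator_matches(value, indicator):
    """True if an observed value (IP or domain) matches a feed indicator.

    IP indicators may be single addresses or CIDR ranges; domain indicators
    match the exact name or any subdomain of it.
    """
    if value is None:
        return False
    try:
        addr = ip_address(value)
    except ValueError:
        # Observed value is a domain name: exact or subdomain match.
        v, i = value.lower().rstrip("."), indicator.lower().rstrip(".")
        return v == i or v.endswith("." + i)
    try:
        return addr in ip_network(indicator, strict=False)
    except ValueError:
        return False  # indicator is a domain, observed value is an IP


def enrich(alert):
    """Attach intel matches, asset context, a score and a tier to one alert."""
    matches = [
        entry for entry in THREAT_INTEL
        if any(indicator_matches(alert.get(f), entry["indicator"])
               for f in ("src", "dst", "domain"))
    ]
    asset = ASSET_CONTEXT.get(alert["src"], {"name": alert["src"], "criticality": 1})
    base = max((m["confidence"] for m in matches), default=0)
    score = base * asset["criticality"]
    tier = next(name for threshold, name in TIERS if score >= threshold)
    return {**alert, "intel": [m["tag"] for m in matches],
            "asset": asset["name"], "score": score, "tier": tier}


def triage(alerts):
    """Enrich every alert and order by descending score, then by id."""
    return sorted((enrich(a) for a in alerts), key=lambda e: (-e["score"], e["id"]))


def pivot_host(alerts, host):
    """Breadcrumbs: ids of every alert where host appears as source or destination."""
    return [a["id"] for a in alerts if host in (a["src"], a["dst"])]


if __name__ == "__main__":
    for e in triage(SAMPLE_ALERTS):
        print(f'#{e["id"]} {e["tier"]:<13} score={e["score"]:>3} '
              f'{e["asset"]} -> {e["dst"]} {e["intel"]}')
    print("alerts touching 10.0.7.8:", pivot_host(SAMPLE_ALERTS, "10.0.7.8"))
```

With the sample data the beacon from the payroll database to a known C2 ranks first, the DNS lookup of a phishing domain second, the scan from a low-value kiosk third, and the uncorrelated intranet request drops to informational, which is the kind of ordering that lets an analyst skip the noise. Pivoting on the kiosk host returns both of its alerts, so the scan and the phishing lookup are examined together rather than as unrelated tickets.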
Effective enterprise cybersecurity has always been about integrating people, processes and technology to reduce risk. Automating security processes goes hand in hand with leveraging staff more appropriately.
The real benefit of security automation has a powerful people component: effective automation helps you better leverage the skill sets of security professionals and makes them feel more effective and motivated.
Article by Arabella Hallawell, senior director of Product Marketing, Arbor Networks.