Security analysts have a tough row to hoe, and it’s becoming even more difficult. According to a recent ESG research report, most organizations, in fact 72% of them, feel that security operations and analytics are more difficult today than they were two years ago.
There are a number of factors that are driving the increased complexity and work load for security professionals. Here are four critical areas that the ESG research report highlights:
1) The Evolving Threat Landscape
More than one-fourth of organizations claim that security operations are more difficult today than in the past due to the rapidly evolving threat landscape. In 2017, the number of Android-based devices worldwide surpassed the worldwide number of Windows-based platforms, giving cybercriminals a huge number of attack points. “Security professionals already maintain an overwhelming workload and simply can’t keep up with the evolving tactics, techniques, and procedures (TTPs) used by sophisticated cyber-adversaries. This puts organizations on the defensive—and at a distinct disadvantage.”
2) Changes in Government and Industry Regulations
A number of new laws and regulations that impact cybersecurity are emerging, including the NY State Dept. of Financial Services (23 NYCRR Part 500) and the European Union’s General Data Protection Regulation (GDPR). These new initiatives require increased planning, oversight, and documentation from already overburdened cybersecurity teams. As stated by the report, “This increases the number of potential investigations analysts must conduct, adding to the difficulties around security analytics and operations.”
3) An Increasing Volume of Security Alerts
For decades, large enterprises have steadily added more and more cybersecurity tools, policies, and procedures. Unfortunately, each of these produces volumes of additional security alerts. With limited time and resources, security professionals tasked with analyzing the alerts must constantly select which ones to prioritize and investigate, and which ones to ignore. As volumes increase, these analysts must ignore more and more alerts—even those they would certainly investigate if they had the time.
4) Gaps in Security Monitoring
Alarmingly, the report reveals that “18% of organizations admit that they have gaps in their security monitoring tools and processes, making it difficult to get a true understanding of security across the IT infrastructure.” In reality, the number of organizations with such gaps is probably much higher. Vulnerabilities and threats that are hidden by these monitoring gaps create significant risks for organizations. Without full visibility of all threats, including the context surrounding each threat, organizations are much more likely to experience a major and damaging cyberattack.
Security Automation May Be an Answer
The factors listed above, along with many others, are making it very difficult for cybersecurity professionals to keep up. In most cases they simply can’t. Fortunately, there are new technologies and products designed specifically to automate much of the work a cybersecurity analyst traditionally performs. Such tools, when deployed, can significantly reduce the workload, allowing security professionals to focus on high-risk threats and on improving their defenses in general.
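To make the two operational problems above concrete (the alert volume of point 3 and the monitoring gaps of point 4), here is a small added example of the kind of triage logic an automation tool takes off an analyst's plate. It is illustrative code written for this page, not code from the ESG report or from any Fortscale product. The alerts, the asset-criticality table, the expected log sources and the timestamps are all constructed for the example; a real deployment would pull asset criticality from an inventory and source liveness from ingestion heartbeats rather than from the alerts themselves.

```python
"""Alert triage and monitoring-gap check over constructed sample alerts.

Two routines:
  triage()          - collapses repeated firings of the same rule on the same
                      host and ranks what remains by severity x asset criticality,
                      so the analyst sees the highest-risk items first.
  monitoring_gaps() - flags expected log sources that have gone quiet, which is
                      one cheap signal that a collector, agent or forwarder has
                      stopped reporting (a visibility gap, not a quiet network).
"""
from datetime import datetime, timedelta

# Constructed sample alerts (not from any real environment). Timestamps are ISO 8601.
SAMPLE_ALERTS = [
    {"source": "edr",      "host": "db-prod-01",     "rule": "credential_dumping",     "severity": "high",   "ts": "2018-01-15T09:00:00"},
    {"source": "edr",      "host": "db-prod-01",     "rule": "credential_dumping",     "severity": "high",   "ts": "2018-01-15T09:05:00"},
    {"source": "firewall", "host": "laptop-user-17", "rule": "port_scan",              "severity": "low",    "ts": "2018-01-15T08:50:00"},
    {"source": "firewall", "host": "laptop-user-17", "rule": "port_scan",              "severity": "low",    "ts": "2018-01-15T08:55:00"},
    {"source": "firewall", "host": "laptop-user-17", "rule": "port_scan",              "severity": "low",    "ts": "2018-01-15T09:10:00"},
    {"source": "av",       "host": "web-prod-02",    "rule": "malware_detected",       "severity": "medium", "ts": "2018-01-15T07:30:00"},
    {"source": "edr",      "host": "laptop-user-17", "rule": "suspicious_powershell",  "severity": "medium", "ts": "2018-01-15T09:20:00"},
]

# Assumed asset inventory: how much a compromise of each host would matter (1 = low, 3 = high).
# Hosts not listed default to 1.
ASSET_CRITICALITY = {"db-prod-01": 3, "web-prod-02": 2, "laptop-user-17": 1}

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed list of sources that should be feeding the SIEM, plus the evaluation time
# and the longest silence tolerated before a source is treated as a possible gap.
EXPECTED_SOURCES = ["edr", "firewall", "av", "proxy"]
NOW = datetime(2018, 1, 15, 9, 30)
MAX_SILENCE = timedelta(hours=1)


def score_alert(alert):
    """Risk score = rule severity weight x criticality of the affected asset."""
    return SEVERITY_WEIGHT[alert["severity"]] * ASSET_CRITICALITY.get(alert["host"], 1)


def dedupe(alerts):
    """Collapse repeated firings of the same (source, host, rule) into one item with a count."""
    groups = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["source"], a["host"], a["rule"])
        if key not in groups:
            groups[key] = {**a, "count": 0, "first_seen": a["ts"], "last_seen": a["ts"]}
        g = groups[key]
        g["count"] += 1
        g["last_seen"] = a["ts"]
    return list(groups.values())


def triage(alerts):
    """Return deduplicated alerts ranked by score (highest first), then by first occurrence."""
    ranked = dedupe(alerts)
    for g in ranked:
        g["score"] = score_alert(g)
    ranked.sort(key=lambda g: (-g["score"], g["first_seen"]))
    return ranked


def monitoring_gaps(alerts, expected_sources, now, max_silence):
    """Return expected sources with no activity at all, or none within max_silence of now."""
    last_seen = {}
    for a in alerts:
        ts = datetime.fromisoformat(a["ts"])
        last_seen[a["source"]] = max(last_seen.get(a["source"], ts), ts)
    return {s for s in expected_sources
            if s not in last_seen or now - last_seen[s] > max_silence}


if __name__ == "__main__":
    for g in triage(SAMPLE_ALERTS):
        print(f'{g["score"]:>3}  x{g["count"]}  {g["source"]:<8} {g["host"]:<15} {g["rule"]}')
    print("possible monitoring gaps:",
          sorted(monitoring_gaps(SAMPLE_ALERTS, EXPECTED_SOURCES, NOW, MAX_SILENCE)))
```

On the constructed data the five raw alerts from the laptop and database host collapse to four items, and the credential-dumping alerts on the production database rank first even though the port-scan rule fired most often. The gap check reports `av` (last seen two hours ago) and `proxy` (never seen); in practice that silence is exactly the kind of thing an analyst drowning in point 3's alert volume never gets around to noticing, which is why it belongs in automation rather than in a person's to-do list.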
Learn more and download the latest ESG Report: Fortscale Presidio: Embedded Advanced Behavioral Analytics