In my last blog, Many Factors Increasing Security Analyst Workload, I touched on some of the industry trends and external forces that are impacting security in the enterprise and increasing analyst workload. Today, we’ll discuss three things identified by a recently published ESG Research report that organizations can do to help meet these ongoing challenges, and bring hope to your overburdened security staff.
In the past, organizations typically addressed increased security threats by making incremental changes such as hiring more staff and adding new security analytics software. Unfortunately, this approach is no longer effective. With the significant shortage in skilled security professionals, adding more systems, processes, and technologies is only increasing the burden on an already overworked security staff. With the number of different and often disjointed security products in the average enterprise today, we’ve reached a critical stage where it’s nearly impossible to manage all of the different products, technologies, and platforms.
Something has to change. Instead of adding more cybersecurity products, organizations need to take a more strategic and holistic approach toward cybersecurity operations improvement. As revealed in the ESG report, this strategy should include the following:
1) Advanced Behavioral Analytics
“Over the past few years, cybersecurity analytics and operations technologies have been greatly enhanced with new artificial intelligence (AI) and machine learning (ML) capabilities. These advances monitor behavior, calculate baseline usage patterns, and then detect anomalous behavior. AI and ML hold great potential to help the SOC team collect, curate, process, analyze, and operationalize massive amounts of security telemetry to accelerate threat detection and structure the right actions for rapid incident response. Given this potential, organizations should dedicate resources for researching, experimenting with, and deploying advanced analytics to help address today’s limitations around scaling security operations tasks.”
2) Simple Integration with Existing Security Technologies
“Some security organizations may see AI’s cybersecurity potential but remain reluctant to deploy yet another tool requiring already overutilized resources. Rather than installing yet another tool, smart CISOs will look to add AI and machine learning capabilities to existing cybersecurity technologies as a way to bolster their efficacy, efficiency, and ROI. For example, ML can be added to authentication tools to detect compromised user accounts or shared administrator credentials, and AI can be used for Active Directory audits to spot rogue account creation or privilege escalation. To make this vision a reality, AI and ML technology must be built for easy integration with the right APIs, analytics, and outputs that provide short-term time to value.”
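As an added illustration of the baseline-then-detect approach in point 1 and the shared-administrator-credential case in point 2 (example code written for this post, not from the ESG report or any product), the following Python builds a per-user login baseline from constructed sample events, flags later logins that deviate from it, and flags an account that authenticates from several source addresses within a short window. The event format, the training cut-off, the ten-minute window and the two-address threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logins (user, source IP, time), in time order; those before 4 March 2024 form the baseline.
EVENTS = [
    ("alice", "10.0.1.5",    datetime(2024, 3, 1, 9, 0)),
    ("admin", "10.0.1.20",   datetime(2024, 3, 1, 9, 0)),
    ("alice", "10.0.1.5",    datetime(2024, 3, 2, 9, 5)),
    ("alice", "203.0.113.7", datetime(2024, 3, 4, 3, 0)),  # off-hours, unseen IP
    ("admin", "10.0.1.20",   datetime(2024, 3, 4, 9, 0)),
    ("admin", "10.0.2.30",   datetime(2024, 3, 4, 9, 3)),  # same account, second IP
    ("admin", "10.0.3.40",   datetime(2024, 3, 4, 9, 5)),  # same account, third IP
]

def build_baseline(events, training_end):
    """Per-user sets of source IPs and login hours seen during the training window."""
    ips, hours = defaultdict(set), defaultdict(set)
    for user, ip, ts in events:
        if ts < training_end:
            ips[user].add(ip)
            hours[user].add(ts.hour)
    return ips, hours

def detect_anomalies(events, training_end=datetime(2024, 3, 4)):
    """Flag post-training logins that deviate from the user's own baseline."""
    ips, hours = build_baseline(events, training_end)
    findings = []
    for user, ip, ts in events:
        if ts < training_end:
            continue
        # An account with no history fires both checks: the conservative cold-start default.
        reasons = [name for name, hit in (("new_ip", ip not in ips[user]),
                   ("unusual_hour", ts.hour not in hours[user])) if hit]
        if reasons:
            findings.append((user, ip, ts.isoformat(), reasons))
    return findings

def detect_shared_credentials(events, window=timedelta(minutes=10), min_ips=2):
    """One account used from >= min_ips distinct IPs inside `window`: likely shared or stolen."""
    by_user = defaultdict(list)
    for user, ip, ts in sorted(events, key=lambda e: e[2]):
        by_user[user].append((ip, ts))
    flagged = {}
    for user, logins in by_user.items():
        for i, (_, start) in enumerate(logins):
            seen = {ip for ip, ts in logins[i:] if ts - start <= window}
            if len(seen) >= min_ips:
                flagged[user] = sorted(seen)
                break
    return flagged
```

On the sample data the first function flags alice's 03:00 login from an unseen address and the two new admin addresses, while the second flags only the admin account, whose three addresses fall inside one ten-minute window.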
3) Focus on Process Automation
“Today’s analytics tools can present a variety of suspicious data points across endpoints, networks, and cyber threat intelligence. But unfortunately, they can’t piece this data together into a meaningful context. This lack of vision can only be overcome by experienced human security analysts who pivot from one tool to another in an effort to create a complete picture. This is where advanced analytics can play a starring role by collecting, modelling, and analyzing various data sources to transform discrete security alerts into an end-to-end threat detection analysis, thus eliminating hours of human intervention from security investigations. Furthermore, high-confidence advanced security analytics can be used to generate rules, fine-tune security controls, and automate some remediation tasks. Once again, this can free up senior security analysts to focus on higher priorities.”
By focusing on these three areas, enterprises will significantly improve the effectiveness of their SOC team without increasing security operations complexity or costs.