Under the spotlight: The tech security people crunch

09 Oct 17

The tenure of an enterprise Chief Information Security Officer (CISO) is said to be less than two years. A change in that position almost always follows a breach that either compromised customer data or attracted media attention. It is easy to understand why CISOs are focused on threats, risks and compliance. Yet recruiting, hiring and retaining skilled employees is quickly becoming an acute challenge and, in some cases, a competitive differentiator.

  • The eighth Global Information Security Workforce Study (GISWS), which includes feedback from over 19,000 information security professionals worldwide, projects an information security workforce gap of 1.8 million by 2022. This represents an increase of 20 percent from the 1.5 million worker shortfall forecast by the last study.
  • ISACA predicts there will be a global shortage of two million cyber security professionals by 2019. And one of the most in-demand security roles will be security analysts.

However, the numbers tell only part of the story. Threat surfaces are increasing – think cloud, mobile, IoT – and cybercriminals are getting increasingly sophisticated in their tactics, techniques and procedures (TTPs). Unfortunately, the supply of “guardians” hasn’t kept up.

Today, finding the right cybersecurity talent has become a serious problem across all industries. A 2017 Cybersecurity Trends report states that a lack of skilled security professionals tops the list of biggest obstacles to stronger cyber security (45%), tied with lack of budget.

Too much data, too little information

The result of combining a kinetic threat environment with security staff that are overwhelmed and underfunded is that the scope and sheer quantity of data wears down, if not overwhelms, many security teams.

A recent survey found 40.4 percent of security professionals say that the alerts they receive lack actionable intelligence to investigate, and another 31.9 percent report that they ignore alerts because so many are false positives.

Security automation: ROI for your human capital

Better automation is top of mind for many security professionals. In a survey by ESG Research, 72 percent say analytics and operations are more difficult now than two years ago. However, there is a growing acknowledgment that automation, like artificial intelligence, does not replace the need to invest in and focus on the human workforce.

Rather, orchestrating tasks more efficiently, and automating where possible, frees up teams and individuals to do different types of work, often of a higher order: more complex, more abstract and more impactful for the organisation.

Much can be done to better orchestrate the existing, routine workflows of security processes. Day-to-day SOC operations that sometimes involve ‘manual’ phone and email communications, filling out operations, compliance and incident reports, even the use of spreadsheets, can be better integrated into an automated workflow.

Applied context and threat intelligence can enable security professionals to more quickly focus on the threats that matter, the real Indicators of Compromise (IoC).

Automatic correlation of threat intelligence with indicators and network activity/business context provides a clear line of sight through the noise of alerts. This increases the return not only on your investments in security technology, but also on your human capital. Having actionable intelligence at hand empowers security analysts and can help make them feel they are making a difference.

Advanced threat analysis automatically populates investigations with historical and real-time contextual intelligence, which makes much better use of your experienced security resources. They can quickly isolate network conversations between hosts and connection points of interest.

As the analyst follows the breadcrumbs of suspicious or anomalous behaviour and looks for potential lateral movement, this data should be carried forward automatically. Effectively, these recordings can be used to instantiate an investigation or forensics report. They can also be used to show management why certain steps were taken.

Effective enterprise cybersecurity has always been about integrating people, processes and technology to reduce risk. Automating security processes goes hand in hand with leveraging staff more appropriately.

The real benefit of security automation, where it is possible, has a powerful people component. It lies precisely in how effective automation helps you better leverage the skill sets of security professionals and makes them feel more effective and motivated.

Article by Arabella Hallawell, senior director of Product Marketing, Arbor Networks.