With the threat landscape becoming increasingly aggressive, automation will be key to getting ahead of the bad guys.
The cyber skills problem is far bigger than is being communicated. With large-scale malware and ransomware outbreaks rolling out with worrying frequency across the globe, from WannaCry to Petya, it raises the question: who is going to protect us?
As dramatic as that may sound, let’s consider the facts. The government relied on external expertise to trace the kill switch for the threat that knocked out the UK’s critical NHS services: it was the discovery of a 22-year-old cybersecurity researcher. Essentially, we are relying on the skills of only a handful of professionals to keep our businesses and critical services working. The WannaCry debacle is testament to this.
The cybersecurity skills shortage is no secret, yet there is continuous and arguably increasing pressure to firefight proliferating cyber-attacks while juggling administration and process.
The answer to this challenge is quite simple. We can solve the problem by centralising workflows and automating tasks. This means the security team can prioritise capabilities and more importantly, engage analysts in the work they are trained to do.
Automation can help by enabling teams to efficiently process data and create intelligence to push out to other researchers or frontline defensive tools. Ultimately, if you can cut down on the mundane tasks in a security analyst’s day, they can then focus more time on saving the day.
Life on the front line
If you go to work every day to battle the dark side, it must be frustrating to constantly perform repetitive tasks. Our own employees work hard to find solutions that improve efficiency and time spent doing what they do best: security analysis.
Beyond opinion, there is hard data that speaks to the dissatisfaction in this profession. ESG reports that 44 per cent of security professionals globally either strongly agree or agree with the statement: “Security professionals are subject to a higher rate of ‘burn out’ from their jobs compared to other IT professionals.”
Automation has been heralded as a key solution to the problem of cybersecurity burnout. But that is not going to work if people aren’t automating often. Automation that lacks intuition inspires little faith: it is perceived as more of a hindrance than a helper. This is where intelligence-driven security automation and orchestration come into play.
Saving the day
Cybersecurity teams receive thousands of alerts each day. Given this, how do you minimise the number of alerts, or automate certain tasks, so you can spend your time on actual threats? Clearly security teams need to react to threats. But if they are only reacting, they are playing a never-ending game of catch-up. Having a threat intelligence-led security programme where orchestration plays a key part gives an organisation a fighting chance to defeat these ever-changing threats.
Orchestration means teams can create automated and configurable ‘playbooks’ – automated chains of action that are triggered by an event in the network.
Having playbooks means it is possible to tie together specific actions. They can be built to unite other tools like a firewall or a SIEM, and to take actions in the platform such as sending alerts, taking blocking actions, enriching data, or even assigning tasks to people, all through this playbook interface.
You can also create rules in your playbooks, for example issuing an alert if there is a potentially malicious anomaly from an input source. In simple terms, this means you can automate a huge number of cybersecurity operations or tasks. However, we want to be clear that human intervention is still very much needed. We don’t want to replace humans with machines, which is why orchestration is a term better suited for jobs done by machines, conducted by humans.
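As an added illustration, not code from this article or from any vendor's platform, here is a toy playbook in the shape just described: it enriches a network event with threat intelligence, blocks on a high-confidence match, hands an ambiguous one to an analyst as a ticket, and closes the rest without human involvement. The intel table, the thresholds, the event fields and the firewall/ticket stand-ins are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed threat-intelligence table (indicator -> confidence score, source).
# Real deployments would query an aggregated feed instead of a dict.
THREAT_INTEL = {
    "198.51.100.7": {"score": 95, "source": "constructed-feed-A"},
    "203.0.113.9": {"score": 40, "source": "constructed-feed-B"},
}


@dataclass
class Orchestrator:
    """In-memory stand-ins for the tools a playbook drives: firewall, alerting, ticket queue."""
    block_threshold: int = 90   # at or above: the machine acts on its own
    review_threshold: int = 30  # at or above: the machine prepares, a human decides
    blocked: list = field(default_factory=list)   # would be firewall rules
    alerts: list = field(default_factory=list)    # would be SIEM alerts
    tickets: list = field(default_factory=list)   # would be analyst assignments


def enrich(event: dict) -> dict:
    """Enrichment step: attach threat-intel context to the raw event."""
    intel = THREAT_INTEL.get(event["src_ip"], {"score": 0, "source": None})
    return {**event, "intel_score": intel["score"], "intel_source": intel["source"]}


def playbook(orch: Orchestrator, event: dict) -> list:
    """Chain of actions triggered by one event; returns the names of the actions taken."""
    enriched = enrich(event)
    score = enriched["intel_score"]
    actions = ["enrich"]
    if score >= orch.block_threshold:
        # High-confidence match: alert and block without waiting for a person.
        orch.alerts.append(f"BLOCK {enriched['src_ip']} via {enriched['intel_source']}")
        orch.blocked.append(enriched["src_ip"])
        actions += ["alert", "block"]
    elif score >= orch.review_threshold:
        # Ambiguous hit: raise the alert but leave the decision to an analyst.
        orch.alerts.append(f"REVIEW {enriched['src_ip']} score={score}")
        orch.tickets.append({"ip": enriched["src_ip"], "assignee": "tier2-analyst"})
        actions += ["alert", "assign"]
    else:
        # No intel hit: record and close so it never consumes analyst time.
        actions.append("close")
    return actions
```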
Having aggregated and enriched threat intelligence in the same place as orchestration capabilities means the SOC team can be more focused, efficient and effective in responding to threats – all without having to expand the team or buy more tools.
The number of tasks that can be automated is limitless. The more repetitive, manual tasks are eliminated, the more freedom SOC teams have to work on research, innovation and improvements.
Consider the facts: 66 per cent of British companies are chronically understaffed and do not have enough specialists to deal with the growing online threat, as identified by ISC2. In the face of a chronic skills shortage, you need automation so staff can focus on the value-add and solving high-end national risks.
With the threat landscape becoming increasingly aggressive, automation will be key to getting ahead of the bad guys. An engaged and challenged cybersecurity team, supported by the right tools, is undeniably the first and most important step to effectively mitigating risk.