Stop overextending your cybersecurity staff
- By Cody Cornell
- Aug 03, 2018
The proliferation of connected services and devices continues to transform both our professional and personal lives, but these valuable tools are also exerting unprecedented pressure on cybersecurity for organizations across government and industry. The rapid adoption of “smart” products — coupled with an explosion of hacks and breaches — has resulted in a critical shortage of skilled cybersecurity professionals.
When those positions go unfilled, the risk of breaches increases due to a lack of basic security hygiene, like routine patching and maintenance, and an inability to respond to alarms fast enough, if at all. Unfortunately, this vicious cycle isn’t going to end anytime soon. The Global Information Security Workforce Study from the Center for Cyber Safety and Education predicts a shortfall of 1.8 million cybersecurity workers by 2022 — a 20 percent increase from 2015. And this is more than just an inconvenience for IT departments — one study found the shortage is doing “direct and measurable damage” to organizations' operations.
Because of this tech talent gap, finding ways to improve the reach and efficiency of existing cybersecurity IT staff is a critical requirement that can benefit nearly any enterprise.
Automation technologies can increase operational efficiency within an organization's security program and have a significant impact on staff utilization and effectiveness. These technologies enable security teams to better leverage new tools to automate appropriate parts of their jobs, freeing professionals to focus on the significant items that need immediate, in-depth and hands-on attention. Today’s security orchestration, automation and response (SOAR) technologies can create a more streamlined process for detecting and responding to cyberthreats, making any size staff more efficient and effective.
Responding to the flood of common potential incidents like email phishing attempts often consumes far too much time for stretched cybersecurity professionals, despite these not being real-time, immediate threats. Combating cyberthreats requires companies and cybersecurity professionals to work smarter, not harder. It's vital to reduce the number of labor-intensive manual tasks and shift minor — but important — alerts into automated workflows to triage, investigate and resolve security incidents quickly and accurately.
Because there appears to be no end to the onslaught of attacks or the ever-increasing level of sophistication by bad actors, new cybersecurity approaches that leverage automation are quickly becoming must-have solutions. Solutions that integrate people, processes and technology together allow organizations of all sizes to supply security teams with the resources they need to detect and display actionable alerts more effectively so that they can truly focus on the most immediate concerns.
Instead of merely triggering one discrete remediation action after another, security teams should work to formalize, document and automate their standard operating procedures (SOPs) to the fullest extent possible. By aligning automated actions with runbooks in an easy and intuitive way, the ability to automate analyst activities, such as triage, prioritization and investigation, is unlocked and significant efficiencies quickly emerge. From data collection and consolidation to analysis, investigating incidents, communicating results and taking an appropriate action, getting the job done involves executing the process and integrating with the right technology tools to make it happen in the most efficient way possible.
Let your professionals do “real” work
With the shortage of cybersecurity professionals, employees are often wasting their time and training performing time-consuming, repetitive tasks. While thwarting phishing and other attacks may be interesting, large parts of the incident response process can be tedious and don’t leverage the extensive training that most SecOps professionals have received. By giving them the tools that automate the “basic” parts of their job, organizations can refocus scarce employee time and apply their skills to bigger problems to achieve deeper, more effective results.
For example, in a typical incident an analyst receives an alarm and initiates a manual incident response process, frequently accessing multiple systems to investigate and ultimately respond. Many of those steps include basic activities like cutting and pasting data from one system to another and manually opening IT trouble tickets to initiate and document specific activities. While these steps are necessary, they’re time-consuming processes that can easily be automated, allowing analysts to focus on tasks that truly require human oversight. Employing standardized automation ensures that the right sequence of actions during an incident response workflow will be triggered correctly, enabling faster and more consistent threat management.
Using automation to free up your existing cybersecurity staff to do skilled work will naturally increase that team's productivity — and the likelihood the team members will want to remain with your company when they’re inevitably met with other job offers. While automation will likely never be able to completely remove people from the incident response process, it helps security pros to focus on critical areas and more effectively investigate and remediate threats. By relieving SecOps staff of a significant part of the manual burden tied to traditional incident response, they’ll have more time to focus on proactive security work, like threat hunting, instead of constantly swatting at a never-ending stream of alarms.
As the overhead required to perform information security continues to grow, filling the demand for qualified and experienced cybersecurity staff will continue to be a significant challenge for organizations. Optimizing your incident response processes by streamlining workflows, automating unnecessary tasks and freeing up SecOps staff to perform more expert-level work allows you to improve the efficacy and value of your IT department — even during a staffing shortage.
Cody Cornell is the co-founder and CEO of Swimlane, a firm specializing in security automation and orchestration.