Technology can free analysts from the burden of manual and tedious tasks so they can operate at the highest level of their abilities.
The moving assembly line was one of the great innovations of the Industrial Revolution. Before 1913, when Henry Ford installed the first moving assembly line in his factory, cars were built by humans performing manual, mundane tasks. Imagine humans hand painting cars on the plant floor; that was the reality. I would argue that today's security operations center (SOC) teams are stuck in the 21st-century digital equivalent of hand painting cars.
To put it simply, enterprise SOC teams are burned out from alert overload. The manual and mechanical processes that still exist in many SOCs today are inefficient and error-prone. Every day, SOC analysts battle increasingly sophisticated and highly organized attackers. Yet they are unable to perform to their true potential because they are consumed by alert triage, false-positive and false-negative call trees, swivel-chair correlation across tools, and threat intelligence gathered from RSS feeds and email lists. Teams spend more time on routine threats and on keeping their SIEM up and running than on protecting their organizations from the most dangerous, targeted attacks.
It's time for a SOC revolution. I have found that we as an industry have largely avoided the discussion of modernizing the security operations process. Maybe the first step is simply acceptance: "Yes, it is broken, but how do we fix it going forward?" I have a few thoughts.
- People are not the problem. We should avoid simply pointing the blame on security professionals every time there is a breach. This doesn’t help us improve.
- Technology is not the problem. We have great technologies in security and, with the move to data-driven analysis and AI-based defenses, the tools are only getting better.
- Process has some clear flaws. Few want to address this – perhaps because change is too hard. It’s easier to hire additional smart people or adopt a shiny new product to feel like we are moving the needle. For example, how much did Equifax spend on security a year prior to its massive data breach? A report says $250 million – that should be enough to get this right.
Humans are, and will probably always be, the best defense we have against cyber threats, particularly when they have the right technology to support them. The emphasis, again, is on technology that supports them.
We have finally reached the perfect storm of technology, policy and opportunity to completely re-factor security operations, thanks to major advances in open source big data, AI software and the general adoption of cloud-native services throughout the enterprise. It's time for us to evolve the security operations process so that we are leveraging technology and our best humans to make real progress. We can do that by focusing on three vital areas.
- Detecting modern attacks. Modern attacks are multipart and multistage, and can last for days or weeks. The space of adversary patterns, the permutations and combinations of attack vectors, is large, but modern compute clusters can apply "hacker behavior analytics" across that space to detect them.
- Using AI to automate security analysis. Today's AI technology is capable of determining which alerts represent real hacker activity. Using deep learning (neural network-based) models, AI systems learn and adapt so they can identify the signals of a multipart and multistage attack. This helps security analysts focus on true threats, not noise.
- Evolving the “predictive SOC.” Imagine a global SOC that can learn from attacks across each organization and deploy AI models to detect the latest threats. Hackers often use the same techniques and tools across attack campaigns. As an industry, we need to get to a place where we are sharing analytics and data (in real time, or near real time) for AI models to predict tomorrow’s attacks today.
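As an added illustration of the first two areas above (this is example code written for this edit, not a tool from the original post), the Python sketch below shows the basic shape of multistage correlation: alerts from several sources are grouped per host and ordered in time, and only a chain of distinct, ordered attack stages inside a multi-day window is surfaced as a campaign, while isolated single alerts drop out as noise. The stage names, alert lines, 14-day window and three-stage threshold are all assumptions constructed for the example; a real deployment would map detections to a kill chain or tactic framework and learn the thresholds rather than hard-code them.

```python
"""
Added example (not from the original post): a minimal multistage-attack
correlator. Single alerts are treated as noise; a chain of distinct attack
stages against one host inside a multi-day window is treated as a campaign
worth an analyst's time. Alerts, stage names and thresholds are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Hypothetical ordering of attack stages; each alert source maps its
# detections onto one of these. The names are constructed for illustration.
STAGE_ORDER = ["recon", "initial_access", "execution", "persistence", "exfiltration"]
STAGE_RANK = {name: i for i, name in enumerate(STAGE_ORDER)}


@dataclass(frozen=True)
class Alert:
    host: str
    stage: str
    ts: datetime
    detail: str


def parse_alert(line: str) -> Alert:
    """Parse one constructed alert line: '<iso time> <host> <stage> <detail>'."""
    ts, host, stage, detail = line.split(" ", 3)
    if stage not in STAGE_RANK:
        raise ValueError(f"unknown stage {stage!r}")
    return Alert(host=host, stage=stage, ts=datetime.fromisoformat(ts), detail=detail)


def correlate(alerts: List[Alert],
              window: timedelta = timedelta(days=14),
              min_stages: int = 3) -> Dict[str, List[Alert]]:
    """
    Return, per host, the alert chain forming a suspected multistage campaign.

    A campaign is a set of alerts on one host, all within `window` of the
    earliest alert in the chain, whose stages are strictly increasing in
    STAGE_ORDER (hence distinct) and number at least `min_stages`. Hosts with
    only isolated or out-of-sequence alerts are not reported.
    """
    by_host: Dict[str, List[Alert]] = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)

    campaigns: Dict[str, List[Alert]] = {}
    for host, host_alerts in by_host.items():
        host_alerts.sort(key=lambda a: a.ts)
        best: List[Alert] = []
        # Try each alert as the start of a chain; keep the longest chain found.
        for i, start in enumerate(host_alerts):
            chain = [start]
            for a in host_alerts[i + 1:]:
                if a.ts - start.ts > window:
                    break  # alerts are time-sorted, so nothing later fits
                if STAGE_RANK[a.stage] > STAGE_RANK[chain[-1].stage]:
                    chain.append(a)
            if len(chain) > len(best):
                best = chain
        if len(best) >= min_stages:
            campaigns[host] = best
    return campaigns


# Constructed alert feed. ws-17 shows a slow, four-stage intrusion over ten
# days; ws-42 and db-03 produce the kind of isolated noise that should drop out.
SAMPLE_ALERTS = """\
2024-03-01T09:12:00 ws-17 recon port_scan_from_10.0.9.8
2024-03-02T14:30:00 ws-42 execution macro_spawned_powershell
2024-03-04T22:05:00 ws-17 initial_access phishing_attachment_opened
2024-03-05T03:40:00 ws-17 execution encoded_powershell_command
2024-03-06T11:00:00 db-03 recon failed_logins_burst
2024-03-11T02:15:00 ws-17 persistence scheduled_task_created
2024-03-20T19:45:00 db-03 persistence new_service_installed
""".splitlines()


def find_campaigns(lines: List[str] = SAMPLE_ALERTS) -> Dict[str, List[str]]:
    """Run the correlator over raw alert lines; return host -> ordered stage names."""
    campaigns = correlate([parse_alert(line) for line in lines])
    return {host: [a.stage for a in chain] for host, chain in campaigns.items()}


if __name__ == "__main__":
    for host, stages in find_campaigns().items():
        print(f"{host}: suspected campaign {' -> '.join(stages)}")
```

Run as a script, the sample feed yields one campaign, on ws-17, while the single alerts on ws-42 and the two db-03 alerts (more than 14 days apart, and only two stages) are suppressed. The point is the shape of the logic, not the thresholds: stage ordering and a time window turn seven independent alerts into one investigable case, which is the kind of reduction the bullets above ask analysts to get from their tooling rather than from a swivel chair.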
It’s time to reimagine security operations. We’re at a time in history when we have the technology to free our analysts from the burden of manual and tedious tasks so they can operate at the highest level of their abilities. Let’s make that happen.