To security analysts, we’re stating the obvious, but for those of you who may not know, there is a serious shortage of skilled security workers. Data junkies need look no further than recent analysis, such as the Cisco 2014 Annual Security Report, that points to a worldwide shortage of skilled security professionals. The daily working lives of security analysts are affected by this shortage, and one of the biggest obstacles they face is the backlog of security incidents generated as part of their incident response plans.
The backlog stems simply from network security devices that are just doing their jobs. Security incident and event management (SIEM) tools and other network monitoring devices continuously report incidents to analysts that require attention. Security analysts must review each incident on a case-by-case basis and then qualify, verify, decide, and otherwise act on every one. The average time spent on incidents ranges from twenty minutes to an hour. With the amount of hands-on time required and the shortage of skilled staff, it is virtually impossible for security analysts to tackle the backlog.
Automated threat response strategies can help. With the constant influx of new incidents, analysts are continually faced with common yet critical tasks that they repeat regularly—tasks that can be addressed in real-time once repeatable patterns are identified. Pulling data from SIEM devices allows security teams to identify those repeating patterns and automate processes that can be outlined, recorded, and orchestrated for automatic threat response. Such strategies save analysts countless hours by reducing time spent on manual tasks and shrinking the backlog on the fly.
Automating threat responses also supports faster time to attack remediation, which further reduces the backlog of security incidents and decreases the risk to network and data assets. The use of real-time orchestration technology lessens the load on an already over-burdened security team and allows analysts to keep pace with the increasing number of incidents threatening the network. Coordinating routine and repeatable tasks for automated responses gives security specialists the time they need to conduct the appropriate threat analysis for which they have been trained.
While the rest of the market waits for the skills gap to shrink—while students pursue STEM- and security-centric degrees and workers update their resumes with current security training and certifications—analysts can roll out an automated threat response strategy to reduce incident backlog and focus their considerable skills on preparing for the next big attack.
By Paul Nguyen, President of Global Security Solutions at CSG Invotas
About CSG Invotas
CSG Invotas is a business purpose-built to provide security orchestration and automation solutions for real-time management of large security ecosystems. Invotas builds upon CSG’s proven solutions and expertise to support the mitigation and eradication of cyber attacks across complex enterprise environments.
CSG Invotas allows organizations to mature their automation capability and fundamentally change how they do security. Organizations are able to shift from a purely operational/tactical focus on incident response, to a strategic focus based on the business value that security brings to the enterprise. It represents a full-stack security orchestration solution.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.