While CISOs and security teams have been doing their best to find creative solutions to the never-ending security talent shortage, the industry continues to struggle to meet the current and future demand. A Cisco report pegged the amount of unfilled cybersecurity jobs in 2019 at 1.5 million.
Nimmy Reichenberg, CMO at cyber security company Siemplify says, “Many have hired IT professionals and setup training programs to provide them with cybersecurity skills, and while this stopgap approach provides some relief, it is in no way a silver bullet. The greatest challenge lies in hiring experienced security professionals, and those can’t be created overnight. You can’t just throw bodies at the problem – in the meantime, organizations need to jump at every opportunity to automate repetitive tasks and make their existing and scarce security teams more productive.”
Nowhere is the skills shortage more prevalent than inside the SOC (security operations center), where the increase in the volume of alerts requiring action far outpaces an organization’s ability to hire skilled analysts. Security Orchestration, Automation and Response (SOAR) solutions are gaining traction to help alleviate “alert fatigue” as they increase the efficiency of existing SOC analysts, helping security teams get more work done.
Below are a few ways security orchestration helps address the talent shortage:
- Orchestration of disparate tools– when you break down the work of your typical SOC analyst, a lot of time is dedicated to “swivel chair integration”, such as copying and pasting results from one tool into another or switching between screens and tools. Security orchestration does more than integrate disparate tools in a single pane of glass (which of course saves precious time), it also eliminates a lot of the specialization that is required to run each security tool independently.
- Automated playbooks– Scalable and repeatable processes for incident response and triageare vital to analyst productivity. Security orchestration lets teams automate the repetitive and manual tasks that are carried out in response to common IOCs.
- Tribal knowledge capture– What’s worse than trying to hire a new analyst? Having your most experienced analyst leave, along with the wealth of knowledge he or she has accumulated over the years. Security orchestration playbooks put the wisdom of your most experienced analysts at the hands of everyone.
- Faster analyst ramp-up– with a structured workbench for the SOC analyst, new hires can execute playbooks practically on day one, with step-by-step guidance on how to proceed with an investigation and clear escalation paths.
- Self-documentation– Nobody “loves” documenting security incidents. Security orchestration allows security analysts to spend more time investigating and less time creating documentation and generating reports with built-in collaboration and case management.
- Bottleneck identification– The best security orchestration platforms include powerfulBI and reporting that let SOC managers identify bottlenecks and act to remediate them, further increasing analyst productivity.