Many organizations struggle to staff and maintain security operations teams due to a serious shortage of skilled security analysts. The struggle isn’t just about filling open roles; it is equally hard to drive the needed productivity from the resources already in house to make sure the alert that matters doesn’t go unnoticed.
Both new and existing security personnel can’t keep up with the exploding number of alerts and struggle with correlating information generated by disparate tools to understand the full scope of an attack. As a result, time is wasted on manual correlation and analysis, and more experienced analysts on the team have less time to focus on investigating and responding to the advanced incidents that put the organization most at risk.
In fact, 93% of security operations center (SOC) managers are unable to triage all potential threats and are unable to sufficiently investigate 25% of their security alerts.[i] It is no surprise that we continue to see breaches and their damaging business impact rise year over year. If we don’t enable the security analysts protecting our organizations with the right technology, we will never get out of this arms race.
With the massive expansion of the attack surface area, the shortage of security teams, and the exponential increase in threats, security technology must enable our human resources to work more efficiently and effectively. Technology must become a force multiplier - so that no matter how many people are in the security operations team, one part-time security analyst or 20 FTEs in a follow-the-sun model, they are empowered to find the threats that matter most – before they damage the organization they are defending.
So, how can organizations dramatically increase the productivity of the people they have? How can they deploy technology to help turn junior analysts into senior analysts, and senior analysts into true “threat hunters”? Making any analyst – from novice to hunter – more impactful and efficient at their jobs is imperative to help close the human skills gap.
Organizations can achieve these gains through the intelligent application of force multipliers – strategies that make analysts more effective and efficient.
- Automate the threat detection process with advanced analytics, comprehensive threat intelligence, and optimized incident workflows. This ensures that security analysts focus on the real threats lurking in the sea of an organization’s data, and respond swiftly and efficiently.
- Broaden the visibility across an organization’s IT infrastructure to include all meaningful sources, including logs, packets, NetFlow, and endpoints. This allows analysts to correlate multiple indicators of compromise (IOCs) to view the full scope of an attack, and to reconstruct full sessions to see what really took place.
At RSA, we’ve developed an integrated tool set designed to make security analysts more efficient and effective, with much faster incident response. It’s like multiplying existing security staff.
To learn more, visit: RSA NetWitness® Platform
[i] Source: “Information Security Strategies in the Age of Zero-Day Threats,” Gatepoint Research PulseReport commissioned by RSA, April 2017
Author: Amy Blackshaw
Category: RSA Point of View, Blog Post
Keywords: SOC, Threats, Threat Hunter