Skills, automation and insights

Security skills shortage – is automation the answer?

The skills shortage in IT security, including vital areas such as the channel, isn’t disputed. But might a big part of the answer already exist? We think so.

The latest research from the SANS Analyst Program points to this problem. For example, 66 per cent of its survey-takers said a skills shortage is an impediment to effective incident response (IR).

Across the board, SANS and other major analysts, not to mention the channel and organisations dealing with security every minute of every day, point to a lack of vital skills. Faced with this shortage, we need to get the most out of the investment we have made in security technology.

We often talk about the sharing of real-time intelligence between products and security systems giving visibility across an organisation’s IT, helping to reduce time to remediate as well as reducing workload. Adding context is a particularly important part of this. Automation is at the heart of it and might hold the most promise.

Why is automation so important? It’s because we must accept there is no such state as having perfect protection. Threats are outpacing our ability to staff defences. Indeed, the vast majority (84%) of organisations experienced at least one successful cyberattack last year and most of us are responding to a new attack every 5-10 days. Add to that findings from the Verizon 2015 DBIR report that the time it takes to execute a successful attack is, on average, decreasing while detection times are going up, and we see something of a perfect storm.

Let’s come back to that latest SANS research. Under a section entitled ‘What works’ (note, no question mark) the analyst defines automation as “integrating functions across ecosystems”. What’s most integrated now? SANS says traditional anti-malware/edge protection, logs and behaviour-based scanning. But more can be done.

Widely combining one kind of security with another and automating those processes makes sense. Manually tackling breaches and other security issues usually takes more time and can be much less accurate than automation.

Despite some good news (for example, time to remediation has generally fallen in the latest findings), little progress has been made on the automation front, even in obvious areas such as combining endpoint and network data with analytics.

Our message is simply that there are products available that already communicate with each other. Organisations shouldn’t have to feel they need to do everything themselves, often manually.

Against this backdrop – what SANS calls “an increasingly complex threat landscape” – it is clear the right tools, processes and people must work together. Anything that helps address the IT security skills shortage has to be a good thing.

Next steps

The IT security skills shortage is a real issue and can’t be solved overnight. But a more automated, integrated approach to security is possible now. That means a framework of intelligent security controls to reduce the volume of successful attacks alongside an ability to detect and contain breaches before damage is done.
