Some interesting stats published recently by ITProPortal revealed 55% of technology and security executives said that they intended to increase their cybersecurity budgets by the end of the year. Approximately the same proportion (51%) of respondents revealed that they also planned to increase their number of full-time security professionals in that period.
The challenge for organizations is to make sure they can balance staffing availability with the investments they are making in technology. Having the right tools is one part of the equation, but it needs to be balanced by assuring the investment in those tools is maximized by having the right level of staffing with pros who have the right skill sets.
The problem with the skills gap is that it complicates an organization's overall security efforts, making it more difficult for security personnel to weed through things like false positives so that they can defend against legitimate security concerns.
What This Means for the SOC
Greater cybersecurity spending doesn’t automatically improve an organization’s security posture. We see this by examining the challenges confronting SOCs (Security Operations Centers). Per Security Boulevard, many SOCs today are struggling to find a balance between human analysts and technology. It’s particularly challenging when SOCs rely too much on their human personnel. Such a strategy overemphasizes manual investigations at the expense of tooling.
This exacerbates another problem pertaining to data silos: most organizations’ infrastructure consists of diversified network environments that include endpoints, cloud workloads, application suites, and a range of other devices and systems. These environments might be distinct in some respects, but they’re not when it comes to the threat from attackers, as malicious actors can launch offensives that abuse multiple environments for lateral movement and/or data exfiltration.
Subsequently, security teams can’t rely on traditional tools to safeguard their environments - solutions like SIEM and SOAR just aren’t capable of providing visibility into sophisticated attacks across all of the diverse assets in a modern IT ecosystem.
Infosec personnel need a way to correlate telemetry from multiple environments and bring that data together into a unified view. Doing so manually won’t work. It’ll take too much time, and it’s prone to errors that could misinterpret the security threats confronting an organization.
Indeed, ESG found that 38% of organizations struggle with filtering out noisy alerts as part of their day-to-day security data management programs. That’s just slightly more than the proportion of organizations for which collecting, processing, and contextualizing threat intelligence is a problem at 34%.
Security teams in those organizations are, therefore, forced to manually triage and investigate all alerts (including potential false positives) while they waste time trying to figure out what’s going on across their employer’s infrastructure instead of being able to readily answer the question, “Are we under attack?”
These issues are taking a toll on the SOC analysts themselves. The SANS Institute noted that 60% of SOC analysts found their jobs to be so stressful that they were considering leaving their jobs or changing careers altogether.
Part of that problem is visibility. About two-thirds of individuals on a SOC team said that they continually struggled with limited visibility into their organizations’ attack surface, with 40% of participants estimating that their organizations’ mean time to resolution (MTTR) spanned months.
More Analysts Isn’t Necessarily the Answer
Organizations can’t solve the problems discussed above by hiring more analysts. Doing so will just emphasize manual processes even further, thus perpetuating a security approach that doesn’t work. They need to invest in the right tooling to amplify the skills of their existing personnel.
Many IT and security professionals are particularly hopeful about XDR (Extended Detection and Response). More than half of participants in a recent survey told ESG that they felt XDR “could play a role in improving current security analysts’ capabilities, integrating with SOAR for security operations process automation, and integrating with DevOps processes to add security to the CI/CD pipeline.” XDR could thus help to modernize and automate an organization’s security processes.
Why? Because the algorithms that power XDR can evolve with the changing threat landscape, they can allow complex attack operations to be identified at the earliest stages, and XDR allows them to automate responses for a faster mean time to remediation.
The AI-Driven XDR Advantage
An AI-driven XDR solution enables organizations to embrace an operation-centric approach to security that delivers the visibility organizations require to be confident in their security posture across all network assets, and the automated responses to halt attack progressions at the earliest stages.
An AI-driven XDR solution should also provide Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, application workspaces and more.
Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.