The Three Top Reasons Why We Need a Better Approach to Threat Detection and Response
Even though President Obama directed his Administration in 2016 to implement a Cybersecurity National Action Plan, with the intention of spending over $19 billion on technologies that ostensibly block or detect threats, the number of breaches just keeps growing. Experts point to many reasons why. The approach of spending more money on more non-integrated security products isn’t working. And though we all agree that it’s time for a new approach, the search for solutions continues to be hindered by a number of challenges. Here are a few.
Threats are Not Detected Early Enough
The layered approach to cybersecurity just isn’t working. We are fighting hand-to-hand in the skirmishes but never winning the war. While the goal is to be thorough, cracks still persist. Meanwhile, the crux of the problem remains in the hands of analysts. And even the security solutions meant to close the gaps, such as SIEM rules and security analytics, are very hard to use and don’t come close to identifying the complete storyline of a complex threat.
Instead, we need a security solution that provides a “holistic approach,” one that looks at the big picture across multiple dimensions at once in order to identify complex threats as early as possible. This is the only way that we can respond as quickly as the hackers are deploying new attacks.
We’re Chasing Too Many False Positives
Just when the threat is greatest, our security analysts are getting bogged down chasing an endless flow of false positives. The result is hundreds or even thousands of alerts each day. And each alert must be reviewed. Who can do all that? Especially when a good number of them are false positives. The result? Alert fatigue. Meanwhile, as our analysts are scrambling to do what they can, real attacks are still getting through.
Organizations need a multidisciplinary solution. If the security team is presented with the entire attack chain laid out clearly, they can then do their job, which is to assess the impact, stop the threat and prevent that same type of attack from happening again.
There Just Aren’t Enough Analysts
According to ESG research, 46 percent of organizations said they had a “problematic shortage” of skilled cybersecurity analysts in 2016. By comparison, 28 percent of organizations claimed to have a “problematic shortage” of skilled cybersecurity analysts in 2015. That is an 18-percentage-point increase, year over year.
As the number of threats has increased, the need for highly skilled security analysts has grown as well. However, there just aren’t enough analysts with specialized Tier 2 and Tier 3 skills in the marketplace to meet the demand. And the problem doesn’t look like it’s going to get better anytime soon.
Integrated and Simplified—The Only Way To Go
So what is the solution? We must simplify our security operations by reducing the number of tools we employ, and the number of alerts that need to be investigated. We need technology that automates the investigation process, not only to improve each analyst’s productivity, but also to allow junior analysts to be effective at their jobs.
The future of cyber security will be in the integrated solution: technology that can be easily deployed, that views the entire system as one entity and that can provide a clearly defined picture of the threat. This will allow our analysts to stop chasing false positives and to instead concentrate on winning the battle in cyber security.