What Do Cybersecurity Pros Really Want?
I read an article in Security Week a couple of weeks ago that really resonated with me. The central thesis was that security pros (the people who are actually at work protecting our organizations) don’t want a bunch of fancy new security tools with lots of bells and whistles. They want tools that simplify their work to allow them to focus on proactive prevention rather than reactive response. Our experience talking with security leaders aligns perfectly with this conclusion.
The research cited in the report points out a disconnect between what security organizations intend to spend their money on and what they would like to spend their money on.
Spending on What They Can Get. Not What They Want.
According to the article, the research indicates “99% of respondents wish to improve their security posture. 67% of respondents intend to upgrade tools – something they say is being thwarted by integration issues, lack of expertise, and too many tools. Only 35% intend to grow their team numbers (the report does not explain the reason for this, but it may partly be due to the skills gap and cost of expertise).”
On the other hand, the research indicates that where respondents would like to focus is “risk management, followed by incident analysis and threat modeling. This suggests a philosophical shift from reactive to proactive security held back by a lack of resources and existing product investments.” The key observation is at the end: the lack of resources and existing investments.
Routine “Grunt” Work Takes Away From Value-Added Analysis
Another interesting takeaway from the research is something we’ve seen time and time again when we go out to meet with CISOs and Security Directors: routine, low-value tasks consume huge amounts of time for the average SOC team. According to this study, “The three most time-consuming security tasks are patching and reconfigurations (43%), triaging incidents (41%), and noise reduction by removing false positives (40%).” This echoes the point we’ve been making for a while now that alert overload is the enemy of good cybersecurity and, over time, erodes your cyber-resilience.
How Can You Simplify My Life?
Consistently, what security leaders ask me is, “Can your solution help reduce my analysts’ workload so we can prioritize fighting real threats?” Or, sometimes, “How will your solution make my defenses stronger without adding complexity and requiring additional person-hours?”
And that’s the crux of it. For too long, cybersecurity has focused on creating more and better tools without any real thought about the demands these tools put on SOC teams. The result today is that qualified personnel are in short supply, SOCs are too understaffed to handle the threat volumes they face regularly, and multiple systems and technologies pile on complexity, since each one needs to be managed and maintained.
Be Part of the Solution, Not Part of the Problem.
The real work now is to find a way to make top-quality cybersecurity more manageable and more affordable. After all, not all organizations have access to Fortune 500 security budgets – but in today’s environment, everyone is at risk.
At SecLytics, everything started with a single technology, predictive threat intelligence, that identifies malicious infrastructure in the set-up stage. But once we took our solution out into the field, we quickly realized that just plugging our data into a SIEM often contributed to the alert overload that organizations were already facing.
Maybe we didn’t know it at the time, but as we developed integrations with other systems and intelligence sources to automate alert triage and enforcement, it was all about simplifying and streamlining. We also kept working on our attribution and correlation capabilities, trying to tie everything together. We’ve been working on two major axes: improving the data SOC teams are working with, and streamlining their workflow to free up analyst time for real incident response and threat hunting. In other words, being part of the solution and not part of the problem.
There’s still lots to do. We are working with partners to turn one-way integrations into two-way integrations to improve correlation. We’re working with partners to build enhanced integrations covering areas like lateral movement within networks, endpoint security, and behavioral network monitoring to strengthen overall coverage. We’re also working with SIEM partners to provide new capabilities within existing SOC infrastructures.
All of these initiatives go back to the request we’ve heard time and time again: “strengthen our protection and reduce our workloads.” This is where SecLytics and the Augur pXDR will continue to focus – at least until the security professionals we talk to every day tell us otherwise.
Find Out How We Help Secure Your Perimeter
Augur, the industry’s only pXDR platform, raises the bar by predicting attacks, attributing attacks, and adjusting your security posture to block threats before they get to your network. But you don’t have to take our word for it.
Take the Augur Challenge:
Step 1: We’ll collect, aggregate, and correlate your logs
Step 2: Within 72 hours, we will send you:
- A list of compromised hosts in your network
- A list of threat actors targeting your organization
- A checklist of IP ranges associated with these threat actors for you to block
Step 3: After 30 days, we’ll send you a full breakdown of how our predictions stacked up
Seeing is believing. We’re convinced that after taking our challenge, you’ll want to put the power of Augur’s predictive threat intelligence to work full time.