“Even though cybersecurity has been put under the microscope, and in spite of years of experience and cybersecurity investments, organisations continue to struggle with security analytics and operations,” states Arbor Networks’ territory manager for Sub-Saharan Africa, Bryan Hamman.
He is referring to the ESG Survey, titled ‘Cybersecurity Analytics and Operations in Transition’ (April 2017), which showed that IT and information security professionals are facing challenges such as:
– “The cybersecurity team at my organisation spends most of its time addressing high priority/emergency issues and not enough time on strategy and process improvement”;
– “It takes too long for my organisation to remediate a security incident”; and
– “We don’t have the appropriate skills or staff size to keep up with all of the tasks associated with security analytics and operations.”
“Chief information security officers are desperate and need to find efficient tools that can help them improve the efficiency and effectiveness of security analytics and operations. This is especially in light of the fact that the survey showed that almost three-quarters of cybersecurity professionals surveyed believe security analytics and operations is more difficult than it was two years ago, for several reasons,” notes Hamman.
The reasons cybersecurity professionals give include a threat landscape that is evolving so rapidly that it is difficult to keep up with the trends they are required to understand for security analytics and operations.
In addition, there are gaps in security professionals’ security monitoring tools and processes, so it is difficult to get a true understanding of security across the entire internal and external IT infrastructure.
Furthermore, these professionals have made it known that they don’t always have the right skills to keep up with security analytics and operations – a problem more pronounced today than it was two years ago.
And then, on top of this, many organisations are still relying on manual processes and individuals to aggregate and analyse cyber threat intelligence.
“This points to a definite need for integrated threat intelligence that can help organisations automate and orchestrate security investigations and remediation tasks,” says Hamman. “Particularly with priorities in companies ranging from integrating external threat intelligence with internal security data collection and analysis; correlating and contextualising security data using the output from two or more tools; and having the ability to actively look for security problems on networks and endpoints.”
Hamman explains that utilising a common, shared data source promotes smooth collaboration between the network and security teams. The result is faster detection and investigation of advanced threats.
“For the first time, network and security teams have access to both real-time and historical network traffic from a single dashboard, giving them the Smart Data required for the rapid detection and investigation of advanced threats hidden on the network. Cybersecurity does not have to become more complicated – it’s a matter of being smarter and outwitting technology with technology,” concludes Hamman.
By Bryan Hamman, Arbor Networks’ territory manager for Sub-Saharan Africa.