This four-part series will tackle four primary drivers that are re-shaping the cyber security landscape and will continue to do so over the next 3-5 years.
We have reached a moment in time when many IT security teams are barely staying afloat as they attempt to manually review and resolve thousands of security alerts, alarms and incidents every day. But this is just the tipping point. Even those rare organizations that are keeping their heads above water now will almost certainly drown in the near future if they don’t immediately start doing things differently. In other words, the old methods for managing security are rapidly becoming unsustainable.
The rise of the Internet of Things
The proliferation of the Internet of Things (IoT)—a large interconnection of IP-enabled devices that have operating systems and firmware and thus vulnerabilities and configuration issues—is one of the primary drivers that will exponentially increase the IT workload and transform the way we must conduct security operations management moving forward. Regardless of the vertical your organization occupies, the IoT and the “Big Data” it generates have so many potential uses—from smart electrical metering to HVAC systems and wearables— your organization is almost certainly going to invest in IoT projects at some point in the near future, if it isn’t happening already.
In fact, GE’s Industrial Internet Insights Report for 2015 found that 73 percent of industrial enterprises (revenues of $150 million or more) are already allocating more than 20 percent of their overall technology budget to IoT big data analytics. Furthermore, Gartner’s Senior VP and Global Head of Research Peter Sondergaard recently speculated that individual enterprises could be dealing with hundreds of thousands of new connected devices in their environments over the next several years.
Quite simply, an abundance of online devices means more connections to scan for vulnerabilities, monitor for compromises and protect from attacks—that is an unavoidable reality for IT security teams. With analysts and managers already dealing with thousands of alerts every day, IoT growth will exacerbate the challenges these professionals already face.
A growing need for automation
Just as it‘s been in other industries, automation will be one of the keys to increasing efficiency in enterprise SOCs. For instance, an automated incident response system can identify and resolve low-complexity, high-volume tasks with little to no human intervention, leaving expert security personnel with more time to handle the more nuanced and complicated issues. That is critical, not only because more devices will create more tasks, but because attacks are growing increasingly sophisticated.
Additionally, if that same platform can centralize information from existing security tools, it streamlines operations by limiting the number of tools that analysts use to initially triage alerts. And if the platform can capture processes for standardization and reuse, it further increases productivity by reducing duplicative work.
The aforementioned GE report noted that 89 percent of respondents feel that companies that do not adopt Big Data analytics risk forfeiting market share. Even the U.S House of Representatives has formed a caucus to further explore the evolution of connected devices and their impact on our future. With the IoT expanding rapidly—and a sea of new challenges rushing in—now may be the ideal time to check in with your CEO or CIO to see how many connected devices might soon be introduced in your environment.
At that point, you can decide if you feel prepared for the future.
Be sure to check back on this blog next week for Part II of the series, “The Talent Shortage”