Cybersecurity drivers part 4: Security information overload

This four-part series will tackle four primary drivers that are re-shaping the cyber security landscape and will continue to do so over the next three to five years.

Thus far in this series we have covered how the Internet of Things (IoT), the information security talent shortage and the emerging threat landscape will impact security operations management over the next several years. The fourth and final information industry driver, security information overload, encompasses all three of the trends we covered in earlier installments of the series.

As organizations look to navigate the current threat landscape with a wide variety of detection tools, the number of indicators that the threat intelligence community is processing daily is in the thousands or tens of thousands depending on the number and scale of their threat intelligence sources. Those numbers alone make clear that there is simply not enough time for security teams to manually tend to all the security alerts in their environments, let alone the vulnerability scans, personally identifiable information (PII) events, audit reports and data breaches they currently manage.

And the problem is only going to grow if security operations centers continue to conduct business as usual. Consider that:

• Research suggests 5 million new cyber security professionals will be needed over the next several years, which far outpaces current projections for the number that will actually be available to organizations. That means organizations will likely struggle to fill their information security positions, leaving more work for other team members as information grows exponentially.

• Cisco estimates that the Internet of Things (IoT) will include 50 billion devices by 2020. As such, organizations will be inundated with more indicators as they are charged with monitoring this IP-enabled equipment.

• Most CISOs and CIOs are planning to add even more detection solutions over the next six to 12 months. Whether those tools are SIEM, network forensics, threat intelligence or Web application firewalls, they are going to generate a greater number of alerts.

There are a variety of ways enterprises can choose to approach security operations management moving forward. What this series should make clear, however, is that whatever tacks are taken, they must be vastly different from what has worked up until this point. The fact is, as far as cyber security goes, we have entered a whole new world.

Are you interested in learning more about the security operations management solutions of tomorrow? Click here to read about how your organization can fill the gaps in your cyber security.