For the past five years, Brian Kafenbaum and I have run a cybersecurity consulting business, and during that time we’ve seen incredible transformation in the field. The exploding number and growing complexity of attacks has led organizations to spend billions of dollars annually on cybersecurity measures in an effort to keep pace with threat levels. But as we consulted with various companies, we discovered that despite the money being spent, an empty space in the cybersecurity landscape remained—which is why we founded Swimlane.
Organizations have reached a point now with cybersecurity where threat detection is no longer where breakdowns typically occur, because there are a number of high-quality detection solutions available that are quite adept at identifying problems. Instead, security lapses—and the enormous headaches that result—occur most often because businesses haven’t had access to solutions that could occupy the space directly after SIEM or other detection solutions in the security ecosystem. Put another way, organizations are still struggling to carry the ball over the goal line.
To understand how to solve this problem, we have to understand what causes it in the first place. The myriad of detection solutions let security analysts and IT professionals know that a possible attack is occurring. Put simply, “There’s a problem here. Somebody please go fix it.” If you had only five or 10 potential threats coming to your IT team each day, that wouldn’t be an issue.
But as security analysts and CISOs know all too well, today hundreds or thousands of threat alerts with varying degrees of complexity occur on a daily basis. To counteract that volume and sophistication, organizations are utilizing many different security tools. In fact, a recent report from IBM gave an example of a client that was using 85 different security tools from 45 vendors.
Between the growing number of threats and the number of tools needed to detect them, it’s become nearly impossible for security personnel to manually address each event thoroughly. And when incidents go unresolved, inevitably, some threats slip through the cracks. In other words, the current system is simply unsustainable. What’s needed now to complement threat detection solutions is automated incident response that:
- Brings all security alerts and issues from other security tools into one location
- Provides additional information about events detected using all your existing tools and data sources
- Correlates the cases with threat intelligence
- Rapidly and automatically resolves the less complex, repetitive, manually intensive tasks—like sending out email notifications to co-workers, generating reports, opening support tickets, etc.—that eat up the majority of security personnel’s time.
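The four functions above, as an added Python example that is not Swimlane's code: constructed alerts from two hypothetical tools (an IDS and an EDR) are normalized into one schema, enriched against a constructed threat-intelligence set, and then either handled automatically or escalated to an analyst.

```python
# Added example (not Swimlane's code): a minimal SOAR-style triage pipeline.
# Alerts, tool names and the threat-intel set below are all constructed for illustration.
from __future__ import annotations
from dataclasses import dataclass, field

THREAT_INTEL = {"203.0.113.7": "known scanner", "198.51.100.9": "C2 node"}  # constructed
RAW_ALERTS = [  # constructed raw alerts in two vendor-specific shapes
    {"tool": "ids", "src_ip": "203.0.113.7", "sig": "port scan", "sev": 2},
    {"tool": "edr", "host": "wks-12", "remote": "198.51.100.9", "name": "beacon", "severity": "high"},
    {"tool": "ids", "src_ip": "192.0.2.44", "sig": "port scan", "sev": 2},
]
SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3}

@dataclass
class Case:
    source: str
    indicator: str
    title: str
    severity: int                      # 1 (low) .. 3 (high)
    intel: str | None = None
    actions: list[str] = field(default_factory=list)

def normalize(raw: dict) -> Case:
    """Bring alerts from different tools into one schema (one location)."""
    if raw["tool"] == "ids":
        return Case("ids", raw["src_ip"], raw["sig"], raw["sev"])
    if raw["tool"] == "edr":
        return Case("edr", raw["remote"], raw["name"], SEVERITY_WORDS[raw["severity"]])
    raise ValueError(f"unknown tool {raw['tool']!r}")

def enrich(case: Case) -> Case:
    """Correlate the case with threat intelligence; a known-bad indicator raises priority."""
    case.intel = THREAT_INTEL.get(case.indicator)
    if case.intel:
        case.severity = 3
    return case

def respond(case: Case) -> Case:
    """Automate the repetitive steps; leave high-severity cases to an analyst."""
    case.actions.append("open ticket")
    if case.severity >= 3:
        case.actions.append("notify on-call analyst")
    else:
        case.actions.append("auto-close with report")  # low severity, not in threat intel
    return case

def triage(raw_alerts: list[dict]) -> list[Case]:
    """Run every raw alert through normalize -> enrich -> respond."""
    return [respond(enrich(normalize(r))) for r in raw_alerts]
```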
These are just some of the critical functions that Swimlane’s centralized security operations management platform provides organizations. Throughout this blog, we’ll examine how functions like security orchestration and security automation can be applied. We’ll also provide some tips and tricks for security analysts, offer businesses suggestions for getting the most out of their cybersecurity budgets, review industry trends and relevant news, and provide insight into how organizations can tackle difficult challenges such as how to retain institutional knowledge when a member of your security team leaves your company. I could not be more excited to engage in discussions with all of you on these topics and more in the months to come.
Please visit our website to learn more about us and connect with us.