Analyst “protest” calls for security automation and collaboration
A survey conducted at RSA Conference 2018 found that 55 percent of surveyed organizations “see in excess of 10,000 such alerts,” and “27 percent of enterprise security teams see more than 1 million alerts per day.” Security teams are inundated with alerts and, because their organizations do not use an automated platform, must perform tedious, time-consuming manual incident response. Against that backdrop, the demand for automation at this year’s RSA Conference should not come as a surprise.
If you were at RSA Conference 2019 today, you undoubtedly saw firsthand, or heard from someone who saw, the mob of people protesting on behalf of understaffed and overworked security operations (SecOps) teams and demanding automation.
Swarming the two entrances of the conference, the group of mock protesters carried picket signs and shouted slogans and chants calling for automation. The 40 “protesters” also distributed a pamphlet, titled “The SOAR Chronicle,” containing satirical articles and vignettes extolling the “virtues” of copy/paste, manual incident response and limited resources.
In the face of a predicted global shortfall of 3.5 million cybersecurity workers by 2021, currently understaffed and overworked security teams are finding themselves buried under a deluge of alerts they don’t have the time or resources to remediate. The increasing labor shortage essentially ensures security teams will struggle to implement many important cybersecurity capabilities, including effective incident response.
Too many organizations lack the resources to implement incident response processes tailored to the specific needs and requirements of their own IT environments. Automation, however, promises to help security teams accomplish more with less time and fewer resources.
Security orchestration, automation and response (SOAR) replaces the slow, manual analyst intervention of conventional incident response with machine-speed decision making. It combines comprehensive data gathering, standardization, workflow analysis and analytics so that organizations can easily implement sophisticated defense-in-depth capabilities based on internal and external data sources. When automation and orchestration are combined, security teams can handle more alerts without adding overhead.
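To make the data-gathering, standardization and automated decision steps just described concrete, here is a small triage pipeline written as an added example for this page; it is not Swimlane's code or any real product's API. It assumes two constructed vendor alert schemas (an EDR feed and an IDS feed), a hand-made indicator list and asset list standing in for external and internal data sources (all IP addresses are from documentation ranges), and arbitrary scoring thresholds. The pipeline normalizes the alerts into one record shape, collapses repeats of the same detection within a time window, enriches each group against the intel and asset lists, and then decides whether to escalate, queue for an analyst, or auto-close, recording the reasons so an analyst can audit the decision.

```python
"""Toy SOAR-style triage: normalize -> deduplicate -> enrich -> decide.

Added example for illustration only; the vendor schemas, indicator lists
and thresholds below are constructed, not taken from any real platform.
"""
from datetime import datetime, timedelta

# Constructed stand-ins for an external intel feed and an internal asset inventory.
KNOWN_BAD_IPS = {"203.0.113.7"}      # TEST-NET-3 address, hypothetical indicator
CRITICAL_ASSETS = {"db-prod-01"}     # hypothetical crown-jewel host

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}
IDS_PRIORITY = {1: "high", 2: "medium", 3: "low"}   # constructed IDS priority scale


def normalize(raw: dict) -> dict:
    """Map each constructed vendor schema onto one common alert record."""
    vendor = raw.get("vendor")
    if vendor == "edr":
        return {"ts": datetime.fromisoformat(raw["timestamp"]),
                "host": raw["hostname"], "src_ip": raw["remote_ip"],
                "rule": raw["detection"], "severity": raw["sev"].lower()}
    if vendor == "ids":
        return {"ts": datetime.strptime(raw["time"], "%Y-%m-%d %H:%M:%S"),
                "host": raw["dst_host"], "src_ip": raw["src"],
                "rule": raw["signature"], "severity": IDS_PRIORITY[raw["priority"]]}
    raise ValueError(f"unknown vendor schema: {vendor!r}")


def deduplicate(alerts: list, window: timedelta) -> list:
    """Collapse repeats of the same (host, source, rule) seen within `window`."""
    groups, open_by_key = [], {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["host"], a["src_ip"], a["rule"])
        g = open_by_key.get(key)
        if g is not None and a["ts"] - g["first_ts"] <= window:
            g["count"] += 1          # same detection again: bump the counter, no new ticket
            g["last_ts"] = a["ts"]
            continue
        g = dict(a, first_ts=a["ts"], last_ts=a["ts"], count=1)
        groups.append(g)
        open_by_key[key] = g
    return groups


def score(group: dict) -> tuple:
    """Enrich one alert group and return (score, human-readable reasons)."""
    s = SEVERITY_WEIGHT[group["severity"]]
    reasons = [f"severity={group['severity']}"]
    if group["src_ip"] in KNOWN_BAD_IPS:
        s += 3
        reasons.append("source IP on intel list")
    if group["host"] in CRITICAL_ASSETS:
        s += 2
        reasons.append("critical asset")
    if group["count"] >= 3:
        s += 1
        reasons.append(f"repeated x{group['count']}")
    return s, reasons


def decide(s: int) -> str:
    """Constructed thresholds: route by score instead of by analyst copy/paste."""
    if s >= 6:
        return "escalate"
    if s >= 3:
        return "queue_for_analyst"
    return "auto_close"


def triage(raw_alerts: list, window_minutes: int = 10) -> list:
    """Run the whole pipeline and return one decision record per alert group."""
    out = []
    for g in deduplicate([normalize(r) for r in raw_alerts], timedelta(minutes=window_minutes)):
        s, reasons = score(g)
        out.append({"host": g["host"], "src_ip": g["src_ip"], "rule": g["rule"],
                    "count": g["count"], "score": s, "action": decide(s), "reasons": reasons})
    return out


# Constructed sample input: three repeats of one EDR detection, one IDS hit on a
# critical host from a listed IP, and one low-priority IDS alert.
SAMPLE_ALERTS = [
    {"vendor": "edr", "timestamp": "2019-03-05T10:00:00", "hostname": "ws-042",
     "remote_ip": "198.51.100.9", "detection": "encoded_powershell", "sev": "Medium"},
    {"vendor": "edr", "timestamp": "2019-03-05T10:01:30", "hostname": "ws-042",
     "remote_ip": "198.51.100.9", "detection": "encoded_powershell", "sev": "Medium"},
    {"vendor": "edr", "timestamp": "2019-03-05T10:03:10", "hostname": "ws-042",
     "remote_ip": "198.51.100.9", "detection": "encoded_powershell", "sev": "Medium"},
    {"vendor": "ids", "time": "2019-03-05 10:02:00", "dst_host": "db-prod-01",
     "src": "203.0.113.7", "signature": "sql_service_probe", "priority": 1},
    {"vendor": "ids", "time": "2019-03-05 10:04:00", "dst_host": "ws-017",
     "src": "192.0.2.44", "signature": "icmp_ping_sweep", "priority": 3},
]

if __name__ == "__main__":
    for record in triage(SAMPLE_ALERTS):
        print(record)
```

Five raw alerts become three decision records: the three EDR repeats collapse into one queued ticket, the probe against the critical host is escalated, and the low-priority sweep is closed automatically with its reasons attached. The dedup window is the setting to tune first; too wide and distinct incidents merge, too narrow and the analyst queue fills with repeats again.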
Swimlane’s security orchestration, automation and response platform adapts incident response to fit your people, processes and technologies. With Swimlane, security teams are able to automate 80-90 percent of their incident response workflow because the platform adapts quickly to meet your organization’s unique needs, empowering your security team with machine-speed decision making throughout the entire incident response process.
“I’ve worked in security operations for many different verticals, and I understand the struggle that comes with never being able to dig yourself out from under the unending onslaught of alerts and menial tasks. Automation empowers bogged down analysts and shines the light on the real problems in cybersecurity, ultimately allowing professionals to complete more thoughtful tasks, such as proactive threat hunting and more in-depth investigations and analyses,” said Cody Cornell, co-founder and CEO of Swimlane.