Two 2017 cybersecurity trends every security operations professional should know

Key findings of the PwC Global State of Information Security 2017

Every year a small number of landmark research surveys provide insight and understanding to enable more effective cybersecurity protection. The 2017 PwC “Global State of Information Security” report is one of these studies, based on interviews with more than 10,000 business and IT executives. While it’s a broad study, two key findings stand out as critical input for a cybersecurity team.

Key finding #1: Cybersecurity processes require integration, management, and continuous improvement — security orchestration and increased automation are essential

As new and more virulent threats emerge, the effective integration and efficient use of all your security tools is critical. Security orchestration delivers synergy from individual security tools for better protection. Earl Perkins, Security Research Vice President at Gartner echoes this sentiment in an article on Six Trends in Cybersecurity, stating “Security now means taking a holistic approach to all aspects of security”.

Cybersecurity automation continuously improves the productivity and success of the existing cybersecurity team. Using APIs and software-defined security methods (SDSec), security automation allows SecOps staff to operate more efficiently and research a greater volume of alarms, while significantly reducing mean time to respond. It’s a critical priority given the shortage of trained staff expected to address an overwhelming volume of threats. But according to a survey by AlgoSec, only 15% of respondents had highly automated security processes and 33% had little to no automation.

Key finding #2: Increasing use of analytics and threat intelligence

The PwC study also highlights the need to use advanced analytics and real-time threat intelligence to develop a context for understanding risks. The 2016 version of the same report found that 59% of respondents are already using Big Data Analytics to model security threats, showing that security operations are trending in that direction. This context is critical to respond to threats effectively with automated security. And combining case history with and real time situational awareness of new or unique cyber threats makes it possible to determine if isolated events are part of a larger-scale cyberattack and helps orchestrate a faster incident response.

These two key findings only reinforce the need for cybersecurity teams to keep evolving to defend against the latest threats. Orchestration and effective use of threat intelligence are now “must have” tactics to protect your organization. You can get more information on how to effectively deploy security orchestration from this Swimlane use case.