Mind The Technology Gap
One of the most popular pastimes in the cybersecurity industry today is lamenting the lack of a skilled workforce. Even the Pentagon seems powerless to attract enough of the top talent it needs to defend its own networks and the nation. There is no doubt we need to place a higher premium on STEM education generally. When there are only two scientists in the entire 535-member US Congress, there’s definitely a nationwide problem (contrast this with China, where 8 out of 9 top officials are scientists).
However, when it comes to cybersecurity specifically, the skills gap is really the symptom rather than the disease.
The truth is that we have a massive technology gap, brought about by the failure of our industry to adapt to the evolving threat.
When malware first appeared on the scene, it was primarily limited to self-propagating viruses and worms. Antivirus providers created the first solutions to these infections by developing signatures to help “immunize” computer systems. Later, when malicious hackers learned that they could use the internet to steal information for financial advantage, or simply to cause mayhem, malware became more targeted. The security industry eventually adapted by creating specific solutions to these new, targeted threats. The result is the Cambrian explosion of vendors we see today.
Unfortunately, malware has adapted yet again.
Today’s attack tools are highly commoditized and can be tailored quickly and cheaply to suit an intruder’s needs. The result is that low-level intrusions are automated while high-value intrusions are carried out personally by expert hackers, and defensive tooling has not kept pace with either. Hence, the technology gap.
Rather than trying to close this technology gap, hundreds of vendors, as anyone who has attended a recent RSA conference knows, are attempting to sell thousands of point solutions to an over-burdened workforce. We need to stop inundating security professionals and instead leverage technology to unshackle them. Solutions of the future must address both security and the technology/skills gap by empowering users to work much more efficiently. The good news is that an effective process already exists. It just needs to be automated.
Our industry is pretty good at automating detection but there are simply too many solutions for anyone to use effectively. By organizing market-leading detection solutions into a more user-friendly format, orchestration companies are bringing order from chaos. While clearly necessary, this is only the beginning.
The next step will be to automate the entire security workflow.
Once an intrusion has been detected, someone still has to determine how far it has spread, and today that crucial step is done manually. Yet only after determining scope and progression can a threat truly and effectively be remediated. By automating this entire process, including the critical investigation and containment phase, users can quickly dispense with low-level threats and focus on cleansing their environments of the advanced actors who remain. Additionally, by leveraging automation, a small group of analysts can do the work of a larger team. It’s time to stop complaining about the lack of talent and start enabling your people with the weapons they need.
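To make the scope-and-contain step concrete, here is an added example (not code from the original article or from any vendor it alludes to) that automates the investigation phase over a constructed endpoint event log. Starting from a single detection, it finds every host carrying the same indicator, pivots once or twice on the new indicators those hosts reveal, orders the affected hosts by first sighting to reconstruct progression, and emits a containment plan. The event schema, host names, indicator values, the allow-list and the "srv-" critical-host convention are all assumptions made for the example.

```python
"""Automated scope-and-contain triage over constructed endpoint telemetry.

Given one detection (an indicator seen on one host), walk the event log to
find every other host showing the same indicator, pivot on the indicators
those hosts reveal, order affected hosts by first sighting, and produce a
containment plan. Everything below is constructed example data; the tuple
layout is an assumption, not any product's schema.
"""
from dataclasses import dataclass

# Constructed telemetry: (ISO-8601 timestamp, host, indicator_type, indicator_value)
EVENTS = [
    ("2024-03-01T09:00:00Z", "ws-017", "sha256", "aaa111"),
    ("2024-03-01T09:00:05Z", "ws-017", "domain", "update-cdn.example"),
    ("2024-03-01T09:20:00Z", "ws-042", "sha256", "aaa111"),
    ("2024-03-01T09:20:07Z", "ws-042", "domain", "update-cdn.example"),
    ("2024-03-01T10:05:00Z", "srv-db-01", "domain", "update-cdn.example"),
    ("2024-03-01T10:05:30Z", "srv-db-01", "sha256", "bbb222"),
    ("2024-03-01T11:00:00Z", "ws-099", "sha256", "ccc333"),           # unrelated host
    ("2024-03-01T11:30:00Z", "ws-100", "domain", "intranet.example"),  # benign traffic
]

# Constructed allow-list: indicators that never count as evidence of compromise.
BENIGN = {("domain", "intranet.example")}


@dataclass
class Scope:
    indicators: set   # {(indicator_type, indicator_value), ...} judged related
    first_seen: dict  # host -> earliest timestamp of a scoped indicator


def scope_intrusion(detection, events, max_pivots=2):
    """Expand one detection into the set of hosts and indicators it links to.

    Each pivot round: any host carrying a scoped indicator becomes scoped, and
    every non-allow-listed indicator observed on a scoped host becomes scoped.
    Stops early once a round adds nothing new.
    """
    indicators = {detection}
    hosts = set()
    for _ in range(max_pivots + 1):
        new_hosts = {h for _, h, t, v in events if (t, v) in indicators}
        new_inds = {(t, v) for _, h, t, v in events if h in new_hosts} - BENIGN
        if new_hosts <= hosts and new_inds <= indicators:
            break  # fixed point reached; nothing else to pivot on
        hosts |= new_hosts
        indicators |= new_inds

    # ISO-8601 UTC strings of equal length compare correctly as plain strings.
    first_seen = {}
    for ts, h, t, v in events:
        if h in hosts and (t, v) in indicators:
            first_seen[h] = min(first_seen.get(h, ts), ts)
    return Scope(indicators=indicators, first_seen=first_seen)


def progression(scope):
    """Affected hosts in order of first sighting; the likely patient zero comes first."""
    return sorted(scope.first_seen, key=scope.first_seen.get)


def containment_plan(scope, critical_prefixes=("srv-",)):
    """Turn a scope into ordered actions.

    Workstations are isolated immediately; hosts matching a critical prefix
    (assumed convention: 'srv-') are queued for analyst approval so automation
    cannot take down a production server on its own; every scoped network
    indicator is blocked and every scoped hash quarantined.
    """
    actions = []
    for host in progression(scope):
        if host.startswith(critical_prefixes):
            actions.append(("REQUEST_APPROVAL_ISOLATE", host))
        else:
            actions.append(("ISOLATE", host))
    for t, v in sorted(scope.indicators):
        if t == "domain":
            actions.append(("BLOCK_DOMAIN", v))
        elif t == "sha256":
            actions.append(("QUARANTINE_HASH", v))
    return actions


if __name__ == "__main__":
    scope = scope_intrusion(("sha256", "aaa111"), EVENTS)
    print("progression:", progression(scope))
    for action in containment_plan(scope):
        print(*action)
```

Starting from the alert on `ws-017`, the pivot pulls in `ws-042` (same hash), then `srv-db-01` (same domain, plus a second hash), while `ws-099` and `ws-100` stay out of scope. The design choice worth noting is the allow-list: pivoting on every indicator a compromised host touched is the only way to catch the second-stage hash on the server, but without a curated list of known-good indicators that pivot would sweep the whole fleet into scope after one round. In practice the pivot is also narrowed to indicators seen within a short window of the scoped sighting; that refinement is omitted here to keep the mechanism visible.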