Security Operations Efficiency is Not Gained Through a Patchwork of Expensive Security Tools


Cloud, mobile, social media, IoT and big data have profoundly expanded the attack surface in the latest cyber super cycle, and it’s no surprise that organizations continue to increase the number of tools in their security infrastructure. It is also no surprise that cyber security spending is growing at over a 29% CAGR (Momentum Cyber), yet organizations are barely keeping up with the increasing threat landscape.

 

Efficiency has become the most sought-after outcome for security operations teams. The ideal state is a self-learning environment with automated analysis, triage and remediation. Full attainment of this ideal will likely remain out of reach forever, but incremental improvements in operational efficiency can be achieved. Even so, many security operations teams seeking improvements unknowingly move in the opposite direction, negating the efficiencies they were aiming to gain.

 

Too many tools that are not integrated are creating a new problem. Why? 

 

Triaging events involves several repetitive, low-value tasks that grow exponentially with each new alert. Human error and oversight increase as the backlog of alerts pending triage grows. Even with a SIEM in place, triage still involves manually logging into multiple systems to gather additional information. Adding more staff won’t help, even if you can find skilled resources to hire. According to recent studies, there is a cyber security talent gap across the entire country: security staffing shortages currently stand at approximately 747K (Momentum Cyber 2018 Almanac) and are projected to hit 1.8 million by 2022 (Frost and Sullivan Executive Briefing, Center for Cyber Safety and Education 2017 Global Information Security Workforce Study, Benchmarking Workforce Capacity and Response to Cyber Risk).

 

“There is no silver bullet in cyber security,” says Dave Dewalt, Executive Chairman, Momentum Cyber and Vice Chairman, Optiv. “An efficient integration of people, process, and technology is essential to defend against today’s ever-increasing threat landscape.”

 

How does an enterprise get out of this cycle of adding disparate tools and a growing backlog of alerts? To overcome these problems, security operations teams must focus on technical and operational efficiencies. Efficiencies can be gained in different ways and to varying degrees based on the approach taken. 

 

For example, technical efficiencies can be gained by keeping the existing solutions in the environment up to date and using the new feature sets that manufacturers have introduced, namely machine learning.

 

Optiv and Momentum Cyber recently published a white paper to help readers understand the approach to both types of efficiency. Download the white paper to learn which incremental improvements in operational efficiencies are well within your reach.

Todd Weber
VP, Partner Research and Strategy | Partners & Partner Operations
Todd Weber is the Vice President of Partner Research and Strategy for Optiv. This team spearheads Optiv’s efforts on efficacy and integration testing of security technology solutions to help clients make better-informed decisions in selecting the correct technology suite. Todd works with technology manufacturers, venture capital and private equity firms to help develop Optiv’s overall strategy with technology partners and to incubate new and innovative cyber security companies.