Peas in a Pod: Analyst Efficiency and Continuous Innovation

July 10, 2023

Organizations are battling cybersecurity threats with a combination of security teams, security tools and a multitude of other investments. Yet, they still wonder why they are not secure.


It starts with analyst experience and efficiency
A streamlined analyst experience is crucial because it delivers more efficiency and helps keep your organization secure. The two main problems that need to be addressed for efficiency and security are: finding the right tech and having the analyst understand how to leverage their current skills to understand what they’re looking at, and then they can figure out how to formulate an appropriate response.


Not every analyst is an F1 driver, so if you put them in an F1 car they may not know how to leverage their current skillset in such an advanced environment. Creating a security approach that can perform at an F1 level and can be driven and operated by analysts of all skill levels is paramount.


For efficiency, first take stock of where your analysts are spending most of their time. Allow for an open conversation on what the analysts feel would improve their effectiveness. Chances are they might have a platform that is monitoring crucial assets and firing high-priority alarms. How long does it take the team to identify which alarms require investigation? If the prioritization accounts for a large chunk of time, perhaps some tuning services could save more time while limiting risk of false alarms.


Ongoing security maturity consulting services are another very effective way to ensure you have added expertise to help uncover options to increase efficiency without adding to tech sprawl.


A full-fledged feedback loop is crucial
For clients and security vendors alike, partners are critical to getting the whole picture and completing the feedback loop. Feedback on a certain part of the tech stack is valuable, although having a security consulting partner by your side is immensely powerful.


I've often known customers to underutilize their security partners simply for purchasing assistance. Leveraging a security partner that can look at your tech stack as a whole and has mission-critical knowledge of most (if not all) solutions, their strengths and weaknesses can be a huge efficiency driver.


Having a clear feedback loop from client to partner to security vendor also helps boost the value of a security vendor's innovations by understanding the problem from multiple angles. The questions to ask are: “How can we lower MTTD and MTTR How can artificial intelligence (AI) help increase efficiency?” Analysts need a clear understanding of what they're looking at and a clear methodology of response. AI can help close the skills gap with your analysts by aiding evaluation and triaging of security indicators.


Leverage key integrations towards “innovation by collaboration”
Taking a step back and thinking about what outcome the integration is providing is key. Some integrations are filling a "want" bucket, while others can totally change the way a security operation center (SOC) collaborates across platforms. Understanding how users are leveraging integrations is a critical starting point.


If an integration is designed to accomplish one outcome, but it's really creating more work for the analyst, what's the point? Often, some of the best integrations start with an outcome in mind and work backwards. That is the best way to utilize complimentary technologies as a form of "innovation by collaboration." Working with partners and leveraging generative AI, creating a SOC of integration and getting platforms to talk to each other makes the most out of what you have.


Plan out how emerging technologies can help your security team
Generative AI and advancements in machine learning are already changing the game in all areas of technology. Both technologies enable the analyst to provide human descriptions of very complex scenarios. This helps make sense of security insights for analysts of all skill levels and can drive efficiency and innovation if utilized correctly. Generative AI will also help with building new integrations where you might not have had the skills to do so. The progression of generative AI is truly a “before the internet” and “after the internet” paradigm shift that is changing the game for everyone.


Partners and vendors should jointly align with your current and future business goals
Vendors should work to be a dedicated partner who understands the organization’s business and future goals. Building a solid vendor-customer partnership delivers more than great customer service. A great vendor will help with quick training and transfer of knowledge during periods of high turnover, and they should be suggesting solutions and innovating instead of simply responding to issues. Partners should be an extension of the organization’s business and have expertise in the area with knowledge to fill the gaps that the organization lacks. A collaborative relationship and frequent communication are immensely helpful for all parties.


Organizations should also take notice of the partner’s approach to understanding their business. Find a partner who understands the vision of the SOC and what you're trying to achieve. Every business is unique and has its own set of challenges and opportunities. The best partners have a “one-team” mentality by listening and customizing their approach to your business goals.


It is not always about buying the best of breed; it is about buying the right technology that meets your needs and achieves your business goals.

Vice president of Innovation | LogRhythm
Jonathan Zulberg began his career in the security industry at Checkpoint Software Technologies as a senior data security consultant of EMEA. He continued his career in IT at Egress Software Technologies and TrapX Security, eventually returning to LogRythm in 2017.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit