While the security tools we choose to invest in can undoubtedly make or break our success, one area we tend to focus less on is the human component of cybersecurity. Yet today, two-thirds of global leaders claim that the global skills shortage creates additional cyber risks for their organization, including 80% who reported experiencing at least one breach during the last 12 months that they attributed to the cybersecurity skills gap.
The constantly changing threat landscape, combined with fewer skilled people, makes it nearly impossible to keep ahead of threats. That’s why it’s time to talk about the human element – specifically your Security Operations Center (SOC) analysts – and their role in your cybersecurity framework.
Helping the Humans in Your Security Stack: Enhance, Automate, and Outsource
When you consider your security stack, you probably immediately think of the technology you use. And you’re likely already consuming these as a service. Security vendors operate, maintain, and improve critical security capabilities for the tech you use, keeping those tools tuned to be resilient against the latest threats so your team can focus on more critical tasks.
But what about the people? They’re just as much a part of your security stack as any firewall, endpoint, application, device, or sandboxing tool. But there’s likely less of a roadmap for their continual improvement. Your analysts are playing a constant catch-up game with alerts, which leaves no time for professional development. You’ve probably considered evaluating which tasks the SOC performs that you could automate or outsource, but a lengthy list of other to-dos often means that process improvements get deprioritized.
If your team is overwhelmed, you’re not alone. Here’s the good news: You can take steps to strengthen your organization’s security posture while simultaneously reducing your analysts’ workloads (and lowering the chances that they’ll burn out).
The first is to enhance their capabilities by choosing the right technology and making time for training when possible. Next is to automate many of your team’s processes to improve accuracy, mean time to detection (MTTD), and mean time to remediation (MTTR). Lastly, there are simply some aspects of cybersecurity you’ll want to outsource to keep your team focused on the most critical tasks.
Enhance Their Capabilities with the Right Technology and Training Opportunities
If you’re like most of us, your SOC teams are heads-down sifting through alerts, logs, and tasks. They struggle to find the time to stay sharp because they’re focused on the evolving threat landscape and on supporting (and improving) your organization’s security posture.
That said, practice – even if done only every few months – will make your team better and faster at responding to attacks. Make the time for it. Build and test your processes and playbooks, and then allocate time for tactical training sessions based on real-world attacks. Consider partnering with an outside organization to help hone skills and provide additional insights into potential security gaps. Also, take advantage of onboarding and training programs that support short learning-curve objectives.
Automate Processes to Improve Accuracy and Efficiency
The goal of every cybersecurity leader today should be to establish a unified security framework across the entire organization that prioritizes synergetic systems and centralized processes to deliver ML-powered automation. If you’re just starting with automation, looking within your team and identifying repetitive processes that may benefit from automation is a good jumping-off point. Consider log review, bot activity monitoring, and initial alert triage for starters.
Remember that AI and ML are only as good as the data they’re trained on and the people who teach and optimize them. When engaging with vendors offering ML-powered solutions, you must look inside the organization and figure out who’s designing their models. What datasets are they working with? What AI training models do they use? Ensure that the processes and automation used to gather, process, identify, and respond to incidents are trustworthy.
Outsource to Improve (or Redirect) Your Team’s Focus
The current intensity we see across the threat landscape, both in velocity and sophistication, means we all need to work harder to stay on top of our game. But that can only get you so far. Working smarter means outsourcing certain tasks – like incident response and threat hunting – so your team can refocus on other strategic priorities.
This is why relying on a Managed Detection and Response (MDR) provider, an incident response (IR) service, or a SOC-as-a-service offering is helpful. Such enhancements are a critical way to eliminate noise, help your team focus on their most important tasks, and advance your business. Outsourcing can be used either as a temporary measure until your analysts are past the learning curve of new technology, or as a permanent extension of your security team, adding professional expertise when and where you need it.
Don’t Forget About Employee Cybersecurity Education
There are many ways to support your SOC analysts, from enhancing their skills through training and certification to outsourcing your detection and response activities.
Yet security is everyone’s job, not just the responsibility of you and your analysts. In many cases, your employees are your first line of defense, which is why everyone in the organization must understand basic cybersecurity principles.
When you invest in ongoing training programs to help your workforce enhance their security knowledge, combined with tools like ongoing phishing simulation services, you enable them to be strong partners to your SOC. It’s one more important opportunity – beyond training, automation, and outsourcing – to support the people who are part of your cybersecurity stack.
Learn more about how Fortinet’s team of cybersecurity experts can help you enhance, automate, and outsource critical security functions to keep your organization secure.
Copyright © 2022 IDG Communications, Inc.