Security operations teams today struggle with an ever-increasing volume of alerts, new zero-day attacks and a shortage of skilled staff. Fifty-eight percent of organizations cite employee skills as a key security effectiveness gap, 72 percent say security analytics is more difficult than it was two years ago, and 70 percent report that a large number of manual processes limits their effectiveness (all statistics from the Enterprise Strategy Group (ESG) survey, April 2017). These skill-based gaps pose a significant risk to organizations.
One way to bridge the skills gap is to give security analysts tools that automate some processes and let them handle larger volumes of data. Architectural models such as ESG's security operations and analytics platform architecture (SOAPA), which combines multiple tools and processes into a more effective security operations function, are gaining adoption for exactly this reason.
Security vendors have long provided traditional protection and detection tools that rely on techniques such as blacklisting, packet inspection, heuristics and rules, but these relatively static methods have a built-in limit: they detect only patterns that have been defined in advance. In the SOAPA architecture, these capabilities typically sit in the foundation, the common distributed data services layer.
A more sophisticated approach
More advanced analytical methods fit into the SOAPA architecture as part of the security analytics layer. These capabilities consume and correlate the outputs of the distributed data services foundation to provide more sophisticated analysis than any single source can offer on its own.
The next generation of analytical tools, such as user and entity behavior analytics (UEBA), applies machine learning, deep learning and other artificial intelligence techniques to analyze a broader range of data while producing more focused results, because the models learn what normal behavior looks like for each user and entity and score deviations from it. Ottawa-based Interset is one example of a company that provides this kind of behavioral modeling to detect elevated levels of risk. This lets security analysts get ahead of risky behavior and respond sooner.
Identifying a threat, even with an advanced analytical tool, is only the first step in a security response. Analysts must still work out the full set of risk factors a threat poses, and doing so quickly is a challenge in its own right. Human-machine teaming, in which automation and machine-level analysis support the analyst's judgment, addresses this limitation.
Compressing days into minutes
One example of a human-machine teaming solution is McAfee Investigator, a product that guides security analysts to faster and more effective investigations and complements UEBA in the security analytics layer of SOAPA. After receiving high-quality threat leads from a UEBA tool, McAfee Investigator streamlines and automates investigation triage: its cloud-based data analytics and machine learning engine collects the relevant data and prioritizes it in context, so analysts can handle more investigations with greater accuracy. This reduces the effort and increases the speed with which analysts can determine the risk and urgency of an incident, make accurate triage decisions and focus on the most significant threats.
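To make the two ideas above concrete, behavioral baselining of users and entities and triage prioritization of the resulting leads, here is an added example written for this article. It is not code from Interset, McAfee Investigator or the ESG SOAPA model. It builds a per-user baseline from constructed authentication and data-transfer events, z-scores a new day's activity against that baseline, and ranks the leads for an analyst by weighting each anomaly with an assumed asset criticality. The feature names, the 3-sigma cut-off, the standard-deviation floor and the criticality values are assumptions chosen for illustration.

```python
"""UEBA-style baseline scoring and triage ranking (illustrative, not vendor code)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily per-user summaries: (day, user, host, login_count, mb_out).
# alice is normal for five days, then on d06 logs in 45 times and moves 900 MB.
EVENTS = [
    ("d01", "alice", "fs01", 12, 40), ("d02", "alice", "fs01", 10, 35),
    ("d03", "alice", "fs01", 11, 38), ("d04", "alice", "fs01", 9, 42),
    ("d05", "alice", "fs01", 13, 37), ("d06", "alice", "fs01", 45, 900),
    ("d01", "bob", "db01", 3, 5), ("d02", "bob", "db01", 4, 6),
    ("d03", "bob", "db01", 2, 4), ("d04", "bob", "db01", 3, 5),
    ("d05", "bob", "db01", 5, 7), ("d06", "bob", "db01", 4, 6),
]

# Assumed asset criticality, 1 (low) to 5 (high); hypothetical values.
ASSET_CRITICALITY = {"fs01": 3, "db01": 5}

TRAINING_DAYS = {"d01", "d02", "d03", "d04", "d05"}
SCORING_DAY = "d06"
Z_THRESHOLD = 3.0   # assumed cut-off: deviations beyond 3 sigma become leads
MIN_STDEV = 1.0     # floor so a constant baseline cannot divide by zero


def build_baselines(events, training_days):
    """Return {user: {feature: (mean, stdev)}} learned over the training window."""
    samples = defaultdict(lambda: defaultdict(list))
    for day, user, _host, logins, mb_out in events:
        if day in training_days:
            samples[user]["logins"].append(logins)
            samples[user]["mb_out"].append(mb_out)
    return {
        user: {feat: (mean(vals), max(pstdev(vals), MIN_STDEV))
               for feat, vals in feats.items()}
        for user, feats in samples.items()
    }


def score_day(events, baselines, day):
    """Z-score each user's activity on `day` against that user's own baseline."""
    scored = {}
    for d, user, host, logins, mb_out in events:
        if d != day or user not in baselines:
            continue  # no baseline yet: nothing to compare against
        observed = {"logins": logins, "mb_out": mb_out}
        z = {feat: (observed[feat] - mu) / sd
             for feat, (mu, sd) in baselines[user].items()}
        # The anomaly score is the single worst deviation, so one extreme
        # feature is enough to raise a lead.
        scored[user] = {"host": host, "z": z, "anomaly": max(z.values())}
    return scored


def triage_queue(scored, criticality, threshold=Z_THRESHOLD):
    """Keep leads above threshold, rank by anomaly weighted by asset criticality,
    and attach the features that drove the score so the analyst sees the context."""
    leads = []
    for user, s in scored.items():
        if s["anomaly"] < threshold:
            continue
        drivers = sorted((f for f, v in s["z"].items() if v >= threshold),
                         key=lambda f: s["z"][f], reverse=True)
        leads.append({
            "user": user,
            "host": s["host"],
            "risk": s["anomaly"] * criticality.get(s["host"], 1),
            "drivers": drivers,
        })
    return sorted(leads, key=lambda lead: lead["risk"], reverse=True)


if __name__ == "__main__":
    baselines = build_baselines(EVENTS, TRAINING_DAYS)
    queue = triage_queue(score_day(EVENTS, baselines, SCORING_DAY), ASSET_CRITICALITY)
    for lead in queue:
        print(f"{lead['user']}@{lead['host']}: risk={lead['risk']:.1f} "
              f"drivers={lead['drivers']}")
```

Running it yields a single lead for alice, driven first by the outbound data volume and then by the login count, while bob's day sits well inside his own baseline and generates nothing for the analyst to look at. The criticality weighting is what turns a raw anomaly score into a triage order: the same deviation on a more sensitive host would rank higher.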
By combining advanced analytics with guided investigations, security operations teams become more effective and efficient and reduce the organization's overall risk. This in turn frees staff to spend more time ensuring the security framework delivers the maximum level of protection and value to the organization.
I’ll be discussing how security teams can adapt to the ever-changing threat landscape in Toronto (May 15), Ottawa (May 16) and Montreal (May 17) at McAfee’s Canadian Security Operations Roadshow. If you’re interested in learning more about human-machine teaming and measures security operations teams can take to improve their operations, please feel free to drop by. To register, please contact Jess McCrossan, marketing manager for McAfee Canada ([email protected]).