SOCs require automation to avoid analyst fatigue in the face of emerging threats
A survey conducted by LogicHub at RSA Conference 2018 found that 79 percent of respondents believe both human expertise and security automation are needed for a security infrastructure capable of keeping enterprises safe from breaches.
Still, breaches go undetected for 206 days on average, which suggests that while human expertise is essential, it is not being deployed effectively alongside automation tools. Analysts instead experience alert fatigue, which increases the chance that a breach is missed.
The survey, whose respondents identified as security analysts, CISOs, information security experts and security engineers, found that 66 percent of respondents have a dedicated or ad hoc threat hunting team to monitor for and detect threats, but these teams often lack sophisticated automation techniques. This leaves analysts with an overabundance of data to monitor.
Findings showed respondents are very likely to incorporate machine learning in conjunction with analysts to monitor for security threats. Key findings also included:
- 78 percent of respondents have experienced alert fatigue
- 79 percent reported automation in conjunction with human analysts is most effective to monitor for threats
- 93 percent reported it is essential to include a traditional human element into SecOps
- 66 percent of those who do have a dedicated threat hunting team are not benefiting from the right automation techniques
SecOps needs an immediate shift across industries. Some SecOps teams write playbooks as an additional layer of guidance and training, but when a security event actually occurs it is uncommon for every step of the playbook to be followed. The volume of data becomes overwhelming, and the resulting alert fatigue leads analysts to overlook threats entirely, leaving more of them unaddressed.
The typical security analyst is facing a 40 percent year-over-year increase in persistent threats and data breaches. In the last year there were over 1,500 breaches in the U.S. alone, exposing close to 179 million records. The growing cybersecurity skills shortage across the industry adds to the threat detection fatigue experienced by current analysts.
“In the ever-evolving threat landscape, we know machines can scale very well, but we cannot expect them to outpace human intelligence,” said Kumar Saurabh, CEO at LogicHub. “CISOs need to capitalize on irreplaceable expert human analyst knowledge to enrich security automation and provide the industry with the right training tools. This is the only way enterprises will stand a chance in protecting their most valued data.”