How the Use of Automation and AI Can Relieve Cybersecurity Woes | DFLabs

Free community edition

Request a demo

How the Use of Automation and AI Can Relieve Cybersecurity Woes

Back to all articles

Automation and AI

The cybersecurity industry has set an incredibly fast pace, one that’s very difficult to keep up with, and this is true for almost any aspect of it and its continuous advancement, from ITOps to DevOps to SecOps. Despite the efforts of adopting a wider range of tools and technologies to help solve some of the common problems organizations and their security teams are facing, there are still many tasks in cyber defense that require a huge amount of human and manual labor.

Cybersecurity professionals, particularly within security operations and incident response environments, who are experiencing episodes of stress are more likely to make mistakes, potentially leading to performance issues. This may result in other colleagues picking up the pieces and taking on the extra workload, which in turn can increase their likelihood of making mistakes too, or more seriously, putting them on the road to burnout. Add to this the pressure of managing a never-ending stream of security alerts and operational data on a daily basis, and it is no wonder that it has turned security operations centres (SOCs) into stressful work environments. According to new research, where a staggering 65 percent of security professionals are considering changing careers due to stress, it begins to paint a sombre portrait of current state of SOC affairs.

According to this new research conducted by the Ponemon Institute, respondents named a range of other problems that resulted in 70 percent agreeing that working in a SOC was “very painful”. Among these issues included, the inability to recruit and retain expert personnel (68 percent), inability to capture actionable intelligence (55 percent), lack of resources (53 percent), and “complexity and chaos” within the SOC (49 percent).

High Pressure, Even Higher Stakes

Gone are the days when hackers dealt only with credit card details and digital records - they’re now aiming for large facilities that manage huge amount of sensitive data, or they are simply looking to cause widespread havoc with no financial gain for themselves (such as a system outage). When the stakes are high, the pressure intensifies. This isn’t to say that stress is unique for this industry only; there are many other professions that involve a high level of stress on a daily basis, and this is also true for many IT roles in the past, such as maintaining networks and databases. But let’s take a look at the circumstances that made this stress become critically high specifically within the cybersecurity industry in the past few years.

What Makes Things Worse?

As mentioned above, there has been a fair amount of stressors among many security professionals in the past, but the current state of affairs of the cybersecurity industry and today’s increasing stress levels has several underlying causes. Let’s have a look at them.

Firstly, one of the major factors today is that organization’s systems and networks are under almost constant attack, so experts work around the clock, non-stop in a reactive manner (as opposed to having the time to be proactive in their daily jobs). Everyday is a new battle with often unknown and new threat actors, as well as contending with the increasing number of false positive alerts which still need to be investigated to determine their classification.

Another equally important aspect to consider is the speed and sophistication of today’s cyber attacks. It isn’t only cybersecurity professionals using advanced tools, hackers are utilizing them too. With the help of technologies such as artificial intelligence and machine learning, attacks which would have taken weeks if not months to initiate and orchestrate can now be accomplished in hours. Add to this the fact that experts are facing increasing workloads from the continually increasing number of alerts being generated from potential attacks, that are practically impossible to manage, and there it is - a global scale problem with cybersecurity professionals either afraid to take upto such a workload, or wanting to leave work permanently.

This poses perhaps one of the biggest issues in the industry right now - the shortage of skilled staff, which leads to existing staff trying to fill the gaps to cover for the increasing number of vacant cybersecurity job positions. According to this research, it is predicted that by 2021, there will be 3.5 million unfilled cybersecurity positions. Experts agree that this shortage will further cause even greater burnouts and staff turnover, and something has to be done about it as soon as possible.

Can Automation and Artificial Intelligence Be the Key to Solving This?

Organizations are now starting to embrace the use of the same technologies they are up against to help address the issue of stress among security professionals, as well as to combat other operational challenges. For example machine learning can help to automatically identify types of threats and apply incident response processes and workflows based on previous historical events.

As security operations centers realize the benefits that technologies that adopting artificial intelligence and machine learning can bring, such as within in Security Orchestration, Automation and Response (SOAR) platform (to respond to alerts more quickly, to automatically carry out a range of mundane and repetitive tasks which would take many man hours to complete manually, and to orchestrate all security tools within the toolstack through one pane of glass), over time this should help to reduce the stress levels that security analysts are facing on a daily basis.

And while the implementation of any new technology will need to be planned, implemented and managed, taking adequate time and resources to ensure it is integrated into the existing infrastructure in the best possible way to gain the required results, the short term focus should be on keeping high spirits among staff members while reviewing existing processes and tasks to decide exactly which ones can be improved. Until then, it’s almost certain that in the battle with sophisticated cyberattacks, humans must occupy the front line.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request a demo