To Automate or Orchestrate? Enterprise Strategy Group survey calls for guidance and a shift toward accelerating Security Operations
BOSTON–(BUSINESS WIRE)–DFLabs, the leader in Security Automation and Orchestration Technology, announced today the release of new research from Enterprise Strategy Group (ESG), commissioned by DFLabs and other technology vendors, which shows that when it comes to the evolution of Cybersecurity Analytics and Operations, 71% of respondent organizations find it more difficult today than it was two years ago due to the changing threat landscape, followed by volume of alerts and increased regulatory changes.
“Despite businesses making it a priority, there is great confusion on how to make sense of and integrate Security Analytics and Operations. Most organizations are dealing with 10 to 25 technologies ranging from SIEMs, vulnerability assessment, endpoint detection, threat intelligence and user behavior to incident response. They are challenged with the total cost of operations and spending too much time on emergency issues,” said Jon Oltsik, Senior Principal Analyst, ESG.
This need for strategy and process improvements is why purchasing security operations tools designed to help organizations automate and orchestrate security operations processes was cited as the second highest priority respondent organizations will take over the next two years. The majority (90%) of respondent organizations are planning to deploy, or have somehow deployed, technologies designed for Automation and Orchestration.
The research also revealed that Automation is a higher priority (66%) than Orchestration (31%) – pointing to the need for a maturity model to guide security operations centers (SOCs) and cybersecurity professionals on their journey.
Added Oltsik, “There is a lot of hype but these are not turnkey solutions. Most organizations start by employing automation to the most time-consuming low-level tasks, such as integrating external with internal IOCs; whereas orchestration, such as building a run book, requires more thought and planning and attention. We found a great need for a ‘guided’ approach to full automation and orchestration and DFLabs is the only vendor today to do both.”
Finally, the survey found a shift in focus from threat detection to incident response. Eighty-six percent (86%) of respondent organizations are currently using or plan to use an incident response platform while 92% have deployed, plan to deploy or are interested in deploying Machine Learning technology to support Automation and Orchestration – with accelerating incident response as a top driver.
“This research validates our vision for Supervised Active Intelligence (SAI)™. By giving customers a path from machine-to-human to machine-to-machine operations, we gradually guide them on the maturity curve to full automation and orchestration – without losing the element of human control,” said Dario Forte, CEO, DFLabs. “Based upon an innovative machine learning and incident correlation engine, DFLabs offers a force multiplier solution that helps security operations and incident response teams quickly orchestrate the triage, containment, reporting, and remediation of data breaches and other cyber incidents.”
Surveying 412 IT professionals and cybersecurity professionals across a broad range of industry verticals, the multi-client research, titled “Next Generation Cybersecurity Analytics and Operations Survey,” seeks to better understand the evolution of the market including requirements, skills, challenges, and technology adoption plans.
Other key highlights include:
– Eighty-one percent (81%) strongly agree or agree that improving Security Analytics and Operations is a high priority
– 78% strongly agree or agree that they have a formal plan and funding to improve Security Analytics and Operations
– 72% strongly agree or agree that business management is pressuring the cybersecurity team to improve Security Analytics and Operations
– Eighty-two percent (82%) will increase spending in Security Analytics and Operations
In-depth data is also available upon request on the topics of staffing, security operations centers (SOC), managed security services, security data collection, threat intelligence, and technology integration.
To request a copy of the research please visit: https://goo.gl/UGM8oY
DFLabs is a recognized global leader in Security Automation and Orchestration. The company is led by a management team recognized for its experience in and contributions to the information security field including co-edited many industry standards such as ISO 27043 and ISO 30121. IncMan – Cyber Incidents Under Control – is the flagship product, adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in North America, Europe, Middle East, and Asia with US headquarters in Boston, MA and World headquarters in Milan, Italy. For more information visit: http://www.dflabs.com or connect with us on Twitter @DFLabs.
Leslie Kesselring, 503-358-1012
IncMan 4.0, DFLabs’ flagship platform, to help cybersecurity operations and incident response teams tackle automation challenges with machine learning
Boston – February 7, 2017 – DFLabs, the leader in Security Automation and Orchestration Technology, announced today the launch of a landmark release of its flagship platform, IncMan 4.0. Based upon an innovative machine learning and incident correlation engine DFLabs offers a force multiplier solution that helps security operations and incident response teams quickly orchestrate the triage, containment, reporting, and remediation of data breaches and other cyber incidents while gradually guiding them on the maturity path to full automation.
The pace of cyber attacks combined with data breach and privacy regulations are making security operations platforms mandatory for organizations of all sizes. DFLabs has conducted months of discussions with dozens of Fortune 1000 CISOs showing that taking the “human” completely out of security automation may be dangerous. Significant concerns with making a sudden switch to fully unattended automation include complex issues such as “Trust on Input,” e.g. If the input data is incorrect, the output could cause even more damage to the business than the incident itself and “Proof of Evidence,” e.g. An unattended full automation response computer can not be a case for a compliance violation and can leave CISOs exposed to avoidable and excessive legal liability.
With IncMan 4.0, DFLabs delivers on its vision for Supervised Active Intelligence™ (SAI) driven by the industry’s first Dual Mode Playbooks (Machine-to-Human and/or Machine-to-Machine). IncMan includes hundreds of playbooks – based on U.S. and UE international industry regulations (including GDPR), standards and best practices. These playbooks are automatically assigned and dynamically applied to an incident to provide the Security Operations Center (SOC) and Incident Response (IR) teams full control of the situation until they are ready for the next step, at which point the machine learning algorithm takes over the process and brings the organization to the next level of automation.
“Progress of enterprise security organizations towards orchestration spanning multiple functional teams is advanced in part by deep, console-based platforms,” said Dan Cummins, Senior Analyst Security, 451 Research. “SOC product buyers should focus not only on acquiring programmable, process-centric expertise of current practitioners but also on establishing an agile foundation to meet future cyber security risks as well.”
IncMan 4.0 is also the only solution available with an innovative Knowledge Base that reduces the amount of time spent on the lifecycle of an incident. The Knowledge Base is managed and updated by the DFlabs dedicated research team and includes threat catalogs, frameworks, standards, regulations and more. Incident response orchestration can be enhanced with actionable intelligence to provide effective direction in assisting the SOC and IR teams in creating and executing a response plan as well as for conducting risk analysis and demonstrating compliance with state, federal and international breach regulations.
A complete and thorough orchestrated incident response plan utilizing IncMan 4.0 has shown to save many organizations significant time in mitigating security issues, resulting in up to 80% reduction in reaction time.
“CISO’s are under heavy scrutiny and pressure to adopt the latest innovation in security automation, yet they are not ready to suddenly and irreversibly replace humans with technology. They must have the ability for their security teams to supervise the intelligent role of the machine – at least at the beginning of their journey,” said Dario Forte, Founder and CEO, DFLabs and internationally recognized ISO standards expert. “This is the basis for the design and development of our Supervised Active Intelligence paradigm that we believe is the only effective path to full automation.”
IncMan 4.0 offers a single, transparent “pane of glass” through which organizations can automate and orchestrate their entire security operations. It is an out-of-the-box platform featuring an intuitive interface and workflow combined with flexible use cases and reporting to meet the needs of any industry. Triage, Containment and Remediation operations can be navigated through the configurable, role-based dashboard. In addition to the Dual Mode Playbooks and Knowledge Base, other innovative features include:
• Integration Ecosystem: Any data source can be easily consumed and IncMan 4.0 features native integrations with the entire cybersecurity ecosystem of data sources to “connect all the dots” within the security operations and incident response process from end-point detection and response and malware analysis to threat intelligence services, through support for STIX and TAXII OpenIOC, and IODEF, as well as integration with commercial threat intelligence, feeds.
• Correlation Visualization Engine: Visualizing the correlation between incidents and artifacts allows analysts to promptly apply industry recognized response and mitigation actions.
• Threat Intelligence Sharing: This correlation capability also ensures that both corporate and government data security organizations can effectively and bi-directionally share new threat intelligence and after action reports.
“Automation and machine learning are in strong demand in InfoSec. On the other hand, we should not forget that Machine Learning and Artifical Intelligence are still relatively new to get applied in businesses. Model design is crucial to consider social factors, human judgment on values, and sensitivity for possible bias. That’s why a guided path to full automation could be advisable, especially for critical applications such as security operations,” said Dr. Anastassia Lauterbach, Advisory Board Member of DFlabs.
Demo and trial of IncMan 4.0 are available immediately. DFLabs Professional Services Team is also available for Breach Readiness and IR Plans to help organizations achieve the appropriate plan, whether it’s guiding security teams through the process or augmenting their internal team.
DFLabs is a recognized global leader in cyber incident response automation and orchestration. The company is led by a management team recognized for its experience in and contributions to the information security field including co-edited many industry standards such as ISO 27043 and ISO 30121. IncMan – Cyber Incidents Under Control – is the flagship product, adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in North America, Europe, Middle East, and Asia with US headquarters in Boston, MA and World headquarters in Milano, Italy. For more information visit: http://www.dflabs.coms! or connect with us on Twitter @DFLabs.
Leslie Kesselring, Kesselring Communications