Several converging trends have contributed to highly challenging times with regard to cybersecurity which are making guided investigation and response essential.
#1 – Cyberattacks are the Fastest Growing Crime in the US
According to Cybersecurity Ventures, cyberattacks are the fastest growing crime in the U.S., and they are increasing in size, sophistication and cost. Cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. “Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm,” says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures.
#2 – There is a Global Cybersecurity Skills Shortage
At the same time, CSO Online reports that “there is a global cybersecurity skills shortage and states that research data clearly indicates that this situation not only isn’t improving, but it may in fact be getting worse. The primary ramifications of the skills shortage include an increasing workload on the existing cybersecurity staff, long-standing open jobs, an increase in hiring and training junior personnel, and an inability to learn or utilize security technologies to their full potential. Only 7% of cybersecurity professionals claim that their organization has improved its position relative to the cybersecurity skills shortage over the past few years. Alternatively, 45% say that things have gotten worse while 48% believe things are about the same today as they were in the past. The cybersecurity skills shortage has two components. The obvious one is that there aren’t enough cybersecurity professionals in the overall pool, so everyone is fighting for the same talent. Additionally, there is an acute shortage of advanced cybersecurity skills.”
#3 – Change is Constant
The rate and frequency of change is constant and will only continue to increase. Hacker techniques are changing and becoming more adept, triggering more detections and alerts every day. Every company’s environment is unique and changing. New security tools are being introduced on a regular basis and new response techniques are being put into practice. And your teams are continuously contributing new knowledge and new insights after daily triaging.
How can Companies Respond to these Challenges?
Given the skills shortage and the volume and sophistication of attacks that are occurring and will only continue to increase, manual efforts cannot respond accurately or in a timely fashion.
Security teams today must implement a SOAR platform that automates many lower level and repetitive tasks, freeing up analysts to focus on the more important problems. SOAR platforms also include pre-built playbooks to guide analysts in the response and remediation processes.
But SOAR can only function properly if teams know what to automate. As the context around alerts are continually changing, one of the challenges in security incident response is that teams may not have sufficient knowledge or actionable insights to handle the large amount of security alerts effectively or in a timely fashion. It is helpful to understand how colleagues and others are dealing with the similar alerts.
Context Aware Guided Investigation and Response
DTonomy’s patented AI Assisted Incident Response platform (AIR) not only orchestrates and automates many of the tasks that security analysts face daily, it continuously learns from actions taken by security analysts in the SOC and accumulates knowledge over time. The platform incorporates experiences from hundreds of playbooks and security experts that contribute knowledge and provides guided investigation and response. The system understands the unique context of your environment and provides guidelines on specific actions to take to respond to and remediate threats.
For example, the platform recognizes what kind of system you are using and suggests how to block IP addresses in your unique environment. The platform is already integrated to more than 100 third party security products and their playbooks and is continuously adding more playbooks. Combining expert knowledge and your unique environment, our AI assistant can analyze alerts and predict actions you should take for the best response.
Adaptive Guidance
The system learns and becomes smarter over time and uncovers insights and trends to make guided recommendations and free security analysts to focus on the higher level, newest and most important threats. More importantly, as new threats are evolving, DTonomy is continuously exploring new ways of Incident Response to ensure you have the most up to date recommendations for incident response for your team.
Click here to learn more!
