Page 94 - Cyber Defense eMagazine September 2023
The constant need for more visibility
To truly get a handle on cybersecurity, you need the ability to see the full picture: your networks, your
tools, your assets and the traffic between them. This will enable you to see where things are broken, where
controls aren't implemented properly and where your management is accepting risk that probably isn't
acceptable. That picture is also what tells you where to harden your data and your identities and where to
lock down access. Many times, when companies accept a lot of risk, it is because they have never taken
these steps, and without visibility they don't know it.
And what’s more, despite all the conversations about visibility, it remains a significant problem. Survey
after survey finds that organizations are still struggling to get control over their assets. The explosion of
endpoints and the growth of a more distributed enterprise are among the many factors contributing to
this situation.
You can't protect what you can't see. You must know what you have, and you must see the traffic and
the output from all your security tools. But even if you can gain this visibility, it’s going to quickly
overwhelm your staff – and it’s not enough by itself.
Going a step beyond visibility
Gaining more visibility is a double-edged sword. There’s the positive side of being able to see more of
your network, but the downside is it can quickly lead to alert fatigue amongst your analysts tasked with
monitoring it. Having too many alerts is always going to leave you a few paces behind – and it can lead
to significant burnout. In fact, SOC analysts statistically have high rates of burnout, driven largely by alert
overload. According to the Ponemon Institute, 65% of SOC professionals have considered quitting their
jobs due to stress.
There are simply too many alerts for humans alone to handle; it's not realistic anymore to assume they
can. To make the most out of expanded visibility you need a better way to monitor it, which is where
automation can play a key role. You also need remediation and response capabilities that can act on what
the monitoring finds. Organizations need to take visibility one step further, but they are not going to be
able to do it with their human staff alone. They must add appropriate technologies to partner with people.
This brings up the inevitable question of whether automation is safe or will open up your organization to
new risks. A parallel of this scenario is the rise of cloud computing. In the beginning, there was a great
deal of concern about security in cloud computing, but now most people think the cloud is more secure.
The reality is that automation is quickly becoming a necessity for security, and if you don't use it, you
won't keep up. Organizations need to get comfortable with automating some remediation and response
via security technologies, because they will not be able to successfully hand these massive tasks
off to their human staff. Attackers are using automation more and more, so organizations need to fight
fire with fire.
A quick caveat, though: you can't automate all remediations across all environments. Start with lower-
priority devices, data and networks, and with actions you can undo (isolating a host or blocking an address
rather than wiping or deleting anything). Once you've got those working well, see where else automation
is feasible.
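The two ideas above, collapsing repeated alerts so analysts see fewer of them and automating only on lower-priority assets with reversible actions, can be expressed as a small triage policy. The following is an added example written for this page, not code from the article or from any product it mentions; the asset inventory, tier names, action names and sample alerts are all hypothetical and constructed for illustration.

```python
"""Tiered alert triage: dedupe repeats, auto-remediate only low-tier assets.

Added example, not code from the original article. The inventory, action
names and alerts below are hypothetical and constructed.
"""
from dataclasses import dataclass

# Hypothetical asset inventory: hostname -> tier. "low" tier assets are the
# lab and dev devices the article suggests automating first.
ASSET_TIERS = {
    "lab-win-07": "low",
    "dev-build-02": "low",
    "hr-fileserver": "high",
    "dc-01": "critical",
}

# Actions considered safe to run without a human on low-tier assets because
# they can be undone. Anything not listed here is never automated.
REVERSIBLE_ACTIONS = {"isolate_host", "kill_process", "block_ip"}


@dataclass
class Alert:
    host: str
    rule: str
    action: str  # remediation the detection rule proposes
    ts: int      # epoch seconds


@dataclass
class Decision:
    host: str
    rule: str
    disposition: str  # "auto" or "analyst"
    reason: str
    count: int = 1    # how many raw alerts this decision represents


def dedupe(alerts, window=300):
    """Collapse repeats of the same (host, rule) seen within `window` seconds
    of the first occurrence. Returns a list of (alert, count) pairs.
    Suppressing the repeats is one cheap way to cut the volume analysts see."""
    groups = []      # [alert, count] entries in arrival order
    last_seen = {}   # (host, rule) -> the open group for that key
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.host, a.rule)
        if key in last_seen and a.ts - last_seen[key][0].ts <= window:
            last_seen[key][1] += 1
        else:
            entry = [a, 1]
            groups.append(entry)
            last_seen[key] = entry
    return [(a, n) for a, n in groups]


def decide(alert, count):
    """Apply the tiering policy to one deduplicated alert."""
    tier = ASSET_TIERS.get(alert.host)
    if tier is None:
        # An asset you cannot see is one you cannot safely act on: escalate.
        return Decision(alert.host, alert.rule, "analyst",
                        "asset not in inventory", count)
    if tier == "low" and alert.action in REVERSIBLE_ACTIONS:
        return Decision(alert.host, alert.rule, "auto",
                        f"{tier}-tier asset, reversible action", count)
    return Decision(alert.host, alert.rule, "analyst",
                    f"{tier}-tier asset or non-reversible action", count)


def triage(alerts):
    return [decide(a, n) for a, n in dedupe(alerts)]


# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = [
    Alert("lab-win-07", "suspicious_powershell", "kill_process", 1000),
    Alert("lab-win-07", "suspicious_powershell", "kill_process", 1030),
    Alert("lab-win-07", "suspicious_powershell", "kill_process", 1090),
    Alert("hr-fileserver", "mass_file_rename", "isolate_host", 1100),
    Alert("dev-build-02", "new_admin_user", "disable_account", 1200),
    Alert("unknown-host", "beacon_to_known_c2", "block_ip", 1300),
]

if __name__ == "__main__":
    for d in triage(SAMPLE_ALERTS):
        print(f"{d.disposition:8} {d.host:14} {d.rule:22} x{d.count} ({d.reason})")
```

Run as-is, six raw alerts become four decisions: the three repeated PowerShell hits on the lab box collapse into one auto-remediated decision, the file server and the non-reversible account action go to an analyst, and the host missing from the inventory is escalated rather than acted on, since automation against an asset you never enumerated is exactly the kind of blind action the visibility discussion warns about.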
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.