Security analysts are a CISO’s most valuable sec ops resource. Plain and simple.

And with cybersecurity expertise in high demand and low supply, retention of those security analysts is a top priority among businesses everywhere. Not to mention, the sec ops skills gap will only widen in 2018. A recent survey revealed that more than half of all respondents have “a problematic shortage of cybersecurity skills.”

In response, many businesses are eyeing human-augmented machine learning for continuous threat monitoring. On the surface, security automation takes over many of the tedious responsibilities of the security analyst, which helps smaller teams accomplish more in less time.

But on a deeper level, eliminating the “noise” associated with traditional SIEM solutions opens up security analysts’ schedules to more judgement and experience-based functions that boost employee engagement while improving organizational security posture.

Despite the name “human-augmented AI,” it’s hardly just the AI that’s being augmented; it’s also the depth of capability of the human analysts who underpin your security operations center.

Alert fatigue undermines your most valuable resource: people

As of mid-2017, 79 percent of security analysts said that they were overwhelmed by the volume of threat alerts. Simultaneously, nearly three quarters of those same respondents felt that they were also being stretched too thin with vulnerability maintenance tasks.

We certainly need to acknowledge the obvious here: An overwhelmed sec ops team is an ineffective sec ops team. Without time and resources for adequate alert triage, misses that result in harm to an organization are far more likely to occur.

But once again, there’s a longer-term consideration at play. The average salary of a security analyst is $96,000 a year, and the current unemployment rate among these professionals is microscopically low, according to the U.S. Bureau of Labor Statistics. Meanwhile, there are an estimated 28,400 vacancies, according to U.S. News & World Report -- and that’s the conservative estimate. Others estimate unfilled cybersecurity jobs to be in the millions.

The point is, alert fatigue isn’t just a liability for your data security. It’s also a detriment to the very life-force of your entire SOC: your analysts. If they aren’t fulfilled, they will leave, and replacing them will not be easy, to say the least.

Less busy work means more judgement-based functions, better

The point of security automation is not to replace humans. The simple truth is that ML is not developed enough to monitor, rate, triage and hunt for threats, let alone respond to them, with total autonomy.

However, current security automation platforms work by building a continuous feedback loop through which analysts train the ML in a much more nuanced way than simply programming it from the outset with threat intelligence about “safe” or “good” events. Through that loop, analysts curate the AI's understanding of, and responses to, events with middle-of-the-road threat ratings.

Under this model, clear threats, such as malware with documented signatures, will be dealt with automatically. Likewise, recurring false positives will be given low threat ratings and sifted out, and will also be used to deeply contextualize future false positives so they never actually reach analysts for investigation.

Only the most questionable activities and behaviors will be escalated to the analyst, who will then be responsible for performing thoughtful evaluations rather than rushing through endless lines of alerts only to realize they’ve been chasing their own tails.
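The routing and feedback loop described above, sketched as an added Python example (this is not LogicHub's code; the score thresholds, the (rule, host) fingerprint, the verdict counts and all alert values are constructed assumptions):

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Tuning knobs: assumed values for illustration, not vendor defaults.
AUTO_HIGH = 0.9              # rating at or above this is handled without an analyst
NOISE_LOW = 0.4              # rating below this is sifted out as noise
BENIGN_VERDICTS_TO_SUPPRESS = 3  # analyst "benign" verdicts before a recurring alert is suppressed


@dataclass
class Alert:
    rule: str                 # detection rule that fired
    host: str                 # asset the alert concerns
    score: float              # model's threat rating in [0, 1]
    signature: Optional[str] = None  # documented malware signature, if one matched


@dataclass
class TriageLoop:
    known_bad: set = field(default_factory=set)        # documented signatures -> auto-handled
    suppressed: set = field(default_factory=set)       # recurring false-positive fingerprints
    benign_votes: dict = field(default_factory=lambda: defaultdict(int))

    @staticmethod
    def fingerprint(alert: Alert) -> tuple:
        # Recurring false positives tend to repeat per rule and asset; this is the assumed key.
        return (alert.rule, alert.host)

    def route(self, alert: Alert) -> str:
        """Return 'auto-contain', 'suppress' or 'escalate' for one alert."""
        if alert.signature in self.known_bad:
            return "auto-contain"           # clear threat with a documented signature
        if self.fingerprint(alert) in self.suppressed:
            return "suppress"               # contextualised away by earlier analyst verdicts
        if alert.score >= AUTO_HIGH:
            return "auto-contain"
        if alert.score < NOISE_LOW:
            return "suppress"
        return "escalate"                   # middle band: the only thing an analyst sees

    def record_verdict(self, alert: Alert, verdict: str) -> None:
        """Feed an analyst's judgement back so the next occurrence is handled by the machine."""
        fp = self.fingerprint(alert)
        if verdict == "benign":
            self.benign_votes[fp] += 1
            if self.benign_votes[fp] >= BENIGN_VERDICTS_TO_SUPPRESS:
                self.suppressed.add(fp)
        elif verdict == "malicious" and alert.signature:
            self.known_bad.add(alert.signature)   # future matches skip the queue entirely
```

Each verdict moves an alert class out of the escalation band, so the queue an analyst sees shrinks to genuinely ambiguous activity over time.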

Give the people what they want: thoughtful, judgement-based roles.

Leave the rest to the machines.
