RSA Attendee Survey Highlights Need for Security Automation and Threat Hunting

Enterprise IT security professionals believe that human expertise will always play a key role in detecting and stopping security threats.

That’s just one of the findings from a a survey we conducted of security analysts, CISOs, infosecurity experts, and security engineers at this year’s RSA global information security in San Francisco in April. The US RSA conference, being one of the largest gatherings of security experts in the world, provides an excellent occasion for sampling the views of IT security professionals about the state of their art.

And what did IT security professionals tell us?

• They’re overwhelmed with security alerts.
  78 percent of respondents reported alert fatigue. This shouldn’t be surprising: the threat landscape is getting much worse. The typical SecOps team is facing a 40% year-over-year increase in advanced persistent threats and data breaches. Alerts—both real and false—are going through the roof.

• The security automation they have isn’t working. 66 percent of those with dedicated threat hunting teams are not benefiting from the security automation they have.
• The best possible approach to threat hunting combines security automation with human analysis Just because the automation systems they have now aren’t working, doesn’t mean that security teams don’t recognize the value of security automation. They consider it critical for effective security. But 79 percent believe it should be combined with human expertise to be effective.
• Automation will never replace human expertise.93% told us it’s essential for SecOps to include a tradition human element.

Empowering SecOps teams with effective threat hunting tools is critical. The average data breach goes 206 days before being detected. That’s 206 days for an attack to spread through a network, infect multiple systems, and possibly exfiltrate critical data such as customer records, financial data, intellectual property, and login credentials.

Intelligent Automation that Combines Human Expertise with Advanced Analytics

Enterprises need a faster, more efficient way to analyze alerts and engage in proactive threat hunting.

That’s what we’re offering with our LogicHub platform.

The LogicHub Intelligent Security Automation platform automates threat hunting techniques like scoring, clustering, correlation, and mapping—in effect creating a digital map of a security analyst’s mind. The heart of the platform is the Threat Ranking Engine, which uses context–including context provided by security analysts–to enrich threat data. Using this enriched data, the platforms reduces billions of security events through scoring and classification to triage all threats for rapid resolution, dramatically lowering both false negative and false positive rates.

In line with the RSA survey responses, the LogicHub platform also provides an intuitive feedback mechanism that enables security analysts to apply their expertise to refine the platform’s performance. Unique in the security market, the LogicHub platforms gives SecOps teams the best of both worlds: human expertise along with the power of cognitive automation.

The results address the major concerns raised in the survey.

• Reducing alerts SecOps teams are overwhelmed with security alerts, but by applying advanced machine learning techniques, the platform is able to reduce false positive alerts by 95%.
• Leveraging powerful automation SecOps teams report that existing automation solutions–which often include security orchestration systems the automate routine tasks but fail to address threat hunting—aren’t working. But the LogicHub automates much of the more time-intensive
• Applying and multiplying the effects of human expertise With its feedback loop, the LogicHub platform enables SecOps teams to take better advantage of human expertise, rather than discarding it.
• Accelerating threat detection so that SecOps automation and efforts overall are more effective By capturing and automating the security analyst expertise about an organization's context and processes, LogicHub shrinks threat detection times 10X. In addition, by reducing time-consuming threat investigations, the platform free analysts to engage in more proactive threat hunting, enabling them to detect and stop threats before they cause major damage.