Findings from a survey conducted at RSA Conference 2018 highlight how SOCs require automation to avoid analyst fatigue as new threats emerge
MOUNTAIN VIEW, Calif., April 23, 2018 -- A survey conducted by LogicHub at the 2018 RSA Conference, the global information security conference, found that 79 percent of respondents believe both human expertise and security automation are needed for a security infrastructure strong enough to keep enterprises safe from breaches. Yet breaches go undetected for 206 days on average[1], suggesting that while human expertise is essential, it is not being deployed effectively alongside automation tools. The result is that cybersecurity analysts experience alert fatigue, increasing the likelihood of a missed breach.
The survey, whose respondents identified as security analysts, CISOs, information security experts and security engineers, found that 66 percent of respondents have a dedicated or ad hoc threat hunting team to monitor for and detect threats, but these teams often lack sophisticated automation techniques. This leaves analysts with an overabundance of data to monitor.
Findings showed that respondents are very likely to incorporate machine learning alongside analysts to monitor for security threats. Key findings also included:
- 78 percent of respondents have experienced alert fatigue
- 79 percent reported automation in conjunction with human analysts is most effective to monitor for threats
- 93 percent reported it is essential to include a traditional human element into SecOps
- 66 percent of those who do have a dedicated threat hunting team are not benefiting from the right automation techniques
SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks as an additional layer of training, but when security events occur, it is uncommon for every step a playbook describes to be followed. The data becomes overwhelming, and the resulting alert fatigue leads analysts to overlook threats entirely, allowing more of them to go unaddressed.
The typical security analyst is facing a 40 percent year-over-year increase in persistent threats and data breaches[2]. In the last year there were over 1,500 breaches in the U.S. alone, exposing close to 179 million records. Additionally, the growing shortage of cybersecurity skills across the industry contributes to the threat detection fatigue experienced by current analysts.
"In the ever-evolving threat landscape, we know machines can scale very well, but we cannot expect them to outpace human intelligence," said Kumar Saurabh, CEO and co-founder, LogicHub. "CISOs need to capitalize on irreplaceable expert human analyst knowledge to enrich security automation and provide the industry with the right training tools. This is the only way enterprises will stand a chance in protecting their most valued data."
About LogicHub: LogicHub offers the industry's most powerful automation platform for security operations, helping organizations dramatically accelerate every SecOps process from alert triage to incident response to threat hunting. Founded on a singular premise that every threat detection process can be automated, LogicHub empowers security analysts to be an order of magnitude more effective and productive. For more information, visit www.logichub.com and follow on Twitter: @LogicHubHQ.
[1] 2017 Ponemon Cost of Data Breach Study. Retrieved from IBM Security, 12th annual Cost of Data Breach Study.
[2] 2017 Data Breach Year-End Review, Identity Theft Resource Center and CyberScout. Retrieved from 2017 Data Breach Year-End Review.