Ask any of the owners of the 529 million records that were breached in 2015, whose custodians took an average of 146 days to find the breaches in question. Then consider that both the volume and complexity of the threats are growing each year.
Rule-based systems are effective at automatically identifying known threats that they’ve been trained to recognize and then alerting a trained security analyst. But SIMs and rule-based approaches are ineffective at identifying unknown threats, which continue to grow in volume and complexity. As a result, a large number of high-risk incidents go undetected.
Despite all the hype related to AI, current security solutions are better tailored for graduate school labs than real-world enterprises. The current breed of approaches is still years away from matching a human security analyst’s effectiveness. These systems also require major investments—both human and financial—and still miss a number of incidents that an experienced analyst would detect with ease.
The human capability—that combination of domain knowledge, analytical capabilities and being able to place threats in context—is invaluable in detecting and resolving threats. But this human capital is in short supply. The top two complaints or concerns that organizations have about their SOC or cyber analysts are that: 1) there are too few of them to meet today’s threat volume; and 2) all of that intuition and enterprise knowledge can walk out the door at any time.
A superior approach to identifying and stopping attacks requires a system that can classify, enrich, correlate, cluster and assign a continuous threat rank automatically to threats, known and unknown, to enable rapid remediation.
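The pipeline sketched above (classify, enrich, correlate, cluster, rank) can be made concrete in a few dozen lines. The following is an added illustration, not code from the page or from any product it describes: the telemetry, asset and user context, frequency baseline, rule set and scoring weights are all constructed for the example. Rules catch the known patterns (a burst of failed logins, an outbound connection to an unusual port), rarity against a per-host baseline surfaces behaviour no rule names, and the continuous rank blends both with blast-radius context so an analyst sees the most consequential host first.

```python
from collections import Counter, defaultdict

# Constructed sample telemetry: (host, user, event_type, detail). Not real data.
EVENTS = [
    ("web01", "svc_web", "auth_fail", "10.0.0.5"),
    ("web01", "svc_web", "auth_fail", "10.0.0.5"),
    ("web01", "svc_web", "auth_fail", "10.0.0.5"),
    ("web01", "svc_web", "auth_ok", "10.0.0.5"),
    ("db01", "dba", "auth_ok", "10.0.0.9"),
    ("db01", "dba", "proc_start", "powershell.exe"),
    ("db01", "dba", "net_out", "203.0.113.7:4444"),
    ("ws17", "alice", "auth_ok", "10.0.1.2"),
    ("ws17", "alice", "proc_start", "outlook.exe"),
    ("ws17", "alice", "proc_start", "outlook.exe"),
]

# Constructed enrichment context: asset criticality and user privilege, both in [0, 1].
ASSETS = {"web01": 0.6, "db01": 1.0, "ws17": 0.3}
USERS = {"svc_web": 0.5, "dba": 0.9, "alice": 0.2}

# Constructed baseline: how often each (host, event_type) pair appeared in a normal period.
BASELINE = Counter({
    ("web01", "auth_ok"): 50, ("web01", "auth_fail"): 2,
    ("db01", "auth_ok"): 20, ("db01", "proc_start"): 5,
    ("ws17", "auth_ok"): 40, ("ws17", "proc_start"): 60,
})


def correlate(events):
    """Correlate: group raw events by host into candidate incidents."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e[0]].append(e)
    return by_host


def classify(host, events):
    """Classify: rules fire on known patterns and carry a fixed severity in [0, 1]."""
    findings = []
    fails = [e for e in events if e[2] == "auth_fail"]
    if len(fails) >= 3:
        findings.append(("brute_force_candidate", 0.5))
    if any(e[2] == "net_out" and e[3].endswith(":4444") for e in events):
        findings.append(("suspicious_outbound_port", 0.8))
    return findings


def enrich(host, events):
    """Enrich: attach asset criticality and the highest user privilege seen on the host."""
    users = {e[1] for e in events}
    return {"asset": ASSETS.get(host, 0.5),
            "user": max(USERS.get(u, 0.5) for u in users)}


def cluster_rarity(host, events):
    """Cluster: bucket events by (host, type) and score how far they sit from baseline.

    A type never seen in the baseline scores 1.0 (the 'unknown threat' signal);
    otherwise the score is the observed count relative to the baseline, capped at 1.0.
    """
    counts = Counter((host, e[2]) for e in events)
    rarity = 0.0
    for key, n in counts.items():
        base = BASELINE.get(key, 0)
        rarity = max(rarity, 1.0 if base == 0 else min(1.0, n / base))
    return rarity


def rank(events=EVENTS):
    """Rank: continuous threat score per host in [0, 1], highest first.

    Weights are an assumption for the example: known-bad rules 0.4, rarity 0.3,
    asset criticality 0.2, user privilege 0.1.
    """
    ranked = {}
    for host, evs in correlate(events).items():
        rule_sev = max((sev for _, sev in classify(host, evs)), default=0.0)
        ctx = enrich(host, evs)
        rarity = cluster_rarity(host, evs)
        score = 0.4 * rule_sev + 0.3 * rarity + 0.2 * ctx["asset"] + 0.1 * ctx["user"]
        ranked[host] = round(score, 3)
    return dict(sorted(ranked.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    for host, score in rank().items():
        print(f"{host}: {score:.3f} rules={classify(host, correlate(EVENTS)[host])}")
```

In this constructed run the database host ranks first: a rule fires on the outbound port, the outbound event type is absent from its baseline, and the asset and user context are both high. The web host ranks second on the failed-login burst, and the workstation, whose activity matches its baseline, sinks to the bottom. Swapping the toy rules, baseline and weights for an organization's own is the customization step the surrounding text argues for.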
The current breed of threat detection solutions requires a lot of work to make it effective. Unless the cost of automation is reduced by 10-100x, a large number of critical events will simply be lost among the billions of events collected every day. Unless and until the ROI of automation improves, its potential will remain unrealized.
One size never fits all—especially when it comes to your enterprise and your data. The ultimate cyber security solution may start with the absolute best in core technology, but it only reaches its full potential when customized to your own IT environment.