How can we give cybersecurity analysts a helping hand?
It’s tough being a cybersecurity analyst these days. Over the last few years we have been repeatedly reminded of the challenge they are now facing, primarily through the steady stream of high-profile data breaches that have hit the headlines.
In the last month alone Microsoft has been in the news after suffering a breach that enabled hackers to access customer email accounts, while a breach at beleaguered social giant Facebook was believed to have left millions of user account details “exposed to the internet”. Indeed, a new report suggests that UK businesses are now attacked every minute, which highlights the scale of the problem.
But it’s not just the growing prevalence of cyber attacks that is having an impact. Factors such as the increasing intricacy of business infrastructures and exponential growth in the amount of data being created through internet-connected devices are both adding to the complexity.
As a result, business networks have quickly become inundated with traffic, in turn reducing visibility for security analysts and giving cyber criminals the upper hand.
Clearly, businesses are under more pressure than ever before to up their security game. The challenge for analysts is that they all-too-often find themselves on the back foot.
For example, it’s well known in the industry that security teams are frequently understaffed and overworked, primarily because they are having to respond to an increasing number of security alerts. A recent survey found that 27% of IT professionals receive more than one million security alerts every day, while 55% said they receive more than 10,000.
Not only does this make separating actual threats from false positives a real issue, it also takes a huge amount of effort to identify the alerts that need immediate attention. As a result, security analysts are often fatigued and facing alert overload – which can easily lead to real threats slipping through the net.
Further complicating this issue is the fact that many businesses are still running legacy systems that simply aren’t built to cope with today’s IT demands. This makes the job even harder for security analysts, who end up being shackled by outdated technology that is either too slow or not intuitive enough to support them in the right way.
Finally, the new reality of network security is that the idea of a traditional network perimeter has all but disappeared. From IoT devices, to smartphones and cloud platforms, business networks now have a significantly increased attack surface for hackers to exploit and security teams somehow have to find a way to monitor it all.
The combination of these factors means that the majority of security analysts are fighting an uphill battle. They are being overloaded with data and often don’t have access to the right tools to cope with today’s generation of sophisticated cyber criminals. This is something that has to change – and quickly – if businesses want to stem the data breach tide.
Help is at hand
Evidently, it’s imperative that businesses focus on equipping their security teams with the tools to support them in their daily jobs. One of the most effective ways to do this is to remove some of the strain associated with sifting through a constant stream of threat data and security alerts to let them focus on what they do best – investigating potential threats.
This is where artificial intelligence (AI) and, more specifically, deep learning algorithms come into play. This technology has the ability to analyze vast amounts of information in real time to come to a conclusion. When applied to cybersecurity, it provides real-time anomaly detection, giving analysts true visibility into their security posture and supporting them with actionable intelligence.
Most importantly, this technology significantly accelerates threat investigation and response processes. These algorithms learn complex patterns of ‘normal’ network activity over time to build up a detailed picture of what is safe and then use this baseline to analyze new activity. With deep learning, hundreds or even thousands of features can be analysed simultaneously, and millions of combinations examined to quickly identify anomalous and potentially malicious events as they appear.
This process provides analysts with all the information they need to identify activities that require further investigation. Analysts get access to the information much faster than they otherwise would, and the level of technical expertise needed to decipher the information is significantly reduced. Furthermore, analysts are empowered to focus on the most rewarding part of their job: the investigation and detection of complex malicious activities, as opposed to triaging alerts.
Ultimately, businesses have to realize that failing to give security analysts a helping hand will leave them on the back foot. No matter how big the security team, there is now simply so much threat data to sift through that attacks will naturally slip through the cracks if the right tools aren’t in place.
That’s why businesses have to invest in next-generation tools that are able to make sense of all this data, provide full visibility into corporate networks and identify anomalies in real time. Only then will security analysts get the support they so desperately need in the ongoing battle against modern cyber threats.