The 2019 Scalar Security Study highlights many trends I see daily in the field, working closely with organizations not just in Canada but around the world. Many companies have invested heavily in technology to detect intrusions, yet often have not invested in training staff to properly configure and update these systems, or in aligning the tools with a larger security strategy. Given the high percentage of organizations that have suffered an intrusion, many are also learning that they cannot rely on automated detection and boundary defences alone. They are realizing that attackers will gain access to their networks, and that they need to develop hunting strategies to find evil in their environment quickly and decrease the dwell time of adversaries.
Canadian organizations, like others around the world, are being inundated by attempts to compromise their networks. As a result, security teams spend a lot of time repeating tasks, dealing with false positives and other menial, time-consuming work, rather than hunting and developing new techniques to detect intrusions. If organizations develop streamlined processes, they will often find areas that can be automated through security orchestration. This frees teams up to spend more time developing advanced capabilities and ensures that even lower-level analysts follow a common process across the organization.
I have seen many organizations that wish to leverage advanced techniques such as machine learning and automation. However, they have yet to cover security fundamentals such as asset inventory, and it is difficult to develop a security program without first understanding what you are trying to protect. Many advanced tools that leverage machine learning require visibility into data sources that the organization may not have available, such as DNS (both requests and responses), endpoint data and network data.
On the other end of the spectrum, I see organizations buying best-of-breed security tools yet lacking the skills within the organization to deploy them properly. Many times, even when these tools are deployed, the analysts may not understand the data well enough to make sense of it, or may not have processes in place to act on the alerts these tools generate.
The silver lining of the Scalar study is that it shows a change of attitude: not just about which tools and data sources are needed to gain visibility and mitigate threats, but also about the need to develop people and process to streamline workflows and possibly even automate some of these functions.