25 Oct Analyst Shrugged: How the World Rests on the Shoulders of Cyber Security Analysts, and Why They Need a Revolution for it to Survive
By Tom Young, Senior Vice President of Sales
In Ayn Rand’s epic tale, “Atlas Shrugged,” a small group of enlightened intellectuals holds the keys to a functioning economy and society. Oppressed by their government and intrusive regulations, these heroes collectively sit on the sidelines, led by the infamous rebel, John Galt, as the American economy disintegrates without their skills. In the end, emboldened by love and the collective resistance of like-minded people, Galt brings down the evil empire and order is restored.
Corporate fortunes hinge on the actions of time-strapped cyber security analysts
While not nearly as dramatic, or romantic, today’s corporate fortunes and commerce increasingly hinge on the actions of another burdened, select few – the time-strapped cyber security analysts buried in the bowels of Security Operations Centers (SOCs). Instead of an oppressive government and regulations, our protagonists race to digest and act on reams of data, from incessant security alerts to up-to-the-minute changes in business operations and IT assets. Unlike the intellectuals in Rand’s tome, our security first responders are not sitting anything out – rather, they are stifled by the difficult task of assimilating data to discern relevant risks and direct corrective action.
We’re witnessing the impact of this screenplay: a parade of high-profile data breaches, particularly the recent Equifax intrusion triggered by an exploit of a known, unpatched software vulnerability that simply was not recognized in time. There is simply too much data, and too many security tools generating too many alarms, to make sense of a threat landscape that’s changing at machine speed. The poor results threaten the trust on which the modern global economy is built. Consider that an ever greater share of the S&P 500’s value is intangible assets like data, algorithms and other intellectual property that are far easier to steal or destroy than fleets of trucks or factories.
What will lead the analysts’ charge? Who is their “John Galt?” More than a literary folk hero, SOC teams want to propel a revolution that sheds light on the inadequacy of current approaches and responsibly challenges assumptions that yet another layer of security tools (aka, “alert fountains”) or opaque “Automation!” technologies will somehow overcome the status quo. They need a means to rationalize the data assimilation, and facilitate decision-making and corrective action at machine speed, but with human input, oversight and control.
Empower cyber security analysts with security operations automation and orchestration
Much like two victorious intellectuals who won the day in “Atlas Shrugged,” the world’s cyber security analysts will rise to win when properly recognized, appreciated, and empowered with a Security Operations Automation & Orchestration platform. This platform becomes both a force multiplier and accountability driver – by centralizing formerly ad hoc incident response actions in a single workspace, harvesting years of security teams’ precious experience and recorded actions to guide activity, and helping teams measure their overall performance.
When every day is consumed with assumptions and missed opportunities, work can start to feel like dystopian fiction (maybe closer to a reality for the average SOC team). Cybersecurity is complex and no two tales are the same, but when we help incident responders evolve their process and workflow foundations with IR-Flow, it yields gains that cannot be achieved by simply decrying the conspiring oppression of cyber talent shortages, alert fatigue and relentless attackers.
Tweet us the name of a novel or literary classic that reminds us of your SOC team’s missions (@syncurity).