Automate to optimise your security teams

January 4, 2016

Mind the gap

87% of U.K. senior IT and business professionals believe there is a shortage of skilled cybersecurity staff, and the same percentage of UK security leaders want to hire CISSP-credentialed staff into their teams. There is nothing surprising in the existence of a gap; so let's fill it with demonstrably high-calibre professionals, right? Well, not quite. That skills gap also includes a "CISSP" gap. With 10,000+ UK security positions open but just over 5,000 UK CISSPs, the maths simply doesn't add up. We should also consider that credentials like CISSP demonstrate excellent existing domain knowledge but do not help hiring managers understand the soft skills, attitudes and other characteristics that combine to form the overall "talent and capabilities" of a candidate.

A pragmatic approach is therefore to hire on traits such as adaptability, collaboration and innovation alongside evidence of the requisite technical capabilities. After all, in a rapidly changing digital landscape you are hiring for tomorrow's battle, not yesterday's, so agility is essential. Today's security teams need to be ready to handle the new risks, challenges and increased pace of change that the Internet of Things (IoT), cloud, mobility and social media all bring to the security challenge. The talent pool is limited, as are organisations' overall cybersecurity resources. It's time to develop and support from within and to broaden recruitment methodologies for those hard-to-fill open positions.

The rise of the machines

So changing talent management practice can help, but immediate challenges need to be met using today's resources. How can security leaders optimise the utilisation and effectiveness of the team they have around them today? One area to investigate is where human capabilities can be augmented with machine learning. It's common for security analysts to have a blend of routine and "artisan" tasks to which they bring their knowledge, skills and experience to bear. Security analysts are regularly swamped by time-consuming alerts, the majority of which are non-critical or false positives. They also need to constantly research new threats, methodologies and possible attack vectors, because it's simply impossible to operate today's digital organisations behind a foolproof defensive perimeter. Something already has got through, or will. As such, timely detection of threats is key. Some of these tasks, like the analysis of threat indicators and the identification of early signals within the network, can be automated to realise gains in both efficiency and effectiveness for the security analyst.

Automated threat management based upon machine learning and data science can monitor network traffic, analyse it in real time, and then identify and prioritise the risks from in-progress attack behaviours. This happens 24x7x365 and feeds security analysts immediately actionable insight, so that they can put their higher-value, unique capabilities to work directly.

Human resources remain king

It's rarely practical to recruit and retain a complete "A team" of security analysts: they're not in the talent market, and you probably don't have the budget even if they were. So build a team that is agile enough to develop and change in the face of a rapidly growing and diversifying threat landscape, and then augment their abilities. Human capabilities will remain at the very heart of cybersecurity practice. The argument is to augment, not replace, humans through automation, and in so doing realise significant economic, efficiency and effectiveness gains in the security posture of the organisation.

Want to read more about optimising your security teams and available resources? Try our blog post "Insider threats surge while budgets retreat".

Sources:

ISACA Global Cybersecurity Status Report, U.K. data, January 2015
U.K. Government, "Cybersecurity skills: business perspectives and government's next steps"
U.K. Computer People, "IT Monitor, Q2 2015"
Mandiant M-Trends Report 2015

About the author

Vectra® is the world leader in AI-powered network detection and response.