The Cybersecurity Capacity Problem: Is Automation Hype or the Only Hope?
TRANSCRIPT
Intelligent Security Automation hexadite.com
March 10, 2017
The Cybersecurity Capacity Problem: Is Automation Hype or the Only Hope?
Prepared for
Session Overview
• Healthy Disrespect for Marketing
• The Cybersecurity Capacity Problem
• Is Security Automation the Answer?
• What Real CISOs Think
Security Automation: The Next Big Thing!
Are the Scary Robots Taking Our Jobs?
Will Automation Save the Rainforests? Maybe.
The Cybersecurity Capacity Problem
Cybersecurity has a capacity problem.
The Cybersecurity Capacity Problem
58% of companies get more than 5,000 alerts per month.
Alerts per month (share of companies):
• < 500: 5%
• 500 – 1,000: 10%
• 1,001 – 5,000: 27%
• 5,001 – 10,000: 28%
• 10,001 – 15,000: 21%
• 15,000+: 9%
Too Many Alerts
All told, the ESG data indicates that cybersecurity professionals are struggling to keep up with security alert volume and are doing their best to identify, prioritize and address the most critical of the lot. This makes it fairly easy for cyber adversaries to hide stealthy attacks, circumvent security controls and fly under the radar through a pervasive security alert storm.
A full 80% of organizations receiving 500 or more severe/critical alerts per day currently investigate fewer than 1% of them.
Prioritization is just a conscious decision about what you’re willing to ignore.
If you could investigate every alert from every detection system, wouldn’t you?
The Cybersecurity Capacity Problem
One cyber analyst can handle roughly 10 alerts per day, working on one alert at a time.
Too Few Resources
What is Security Automation?
3 Approaches
Workflow Tools
• What they do: Gather data, tell people what they should do next
• Difference: You still need people to perform the investigation and remediation actions
Orchestration Tools
• What they do: Connect your existing tools together
• Difference: They connect for the sake of connection
Scripting Tools
• What they do: Perform actions based on code you write
• Difference: You still have to write, maintain and update the code
What is Security Automation?
Security automation is the active process of:
1. Mimicking the ideal steps a human would take to investigate a cyber threat
2. Determining whether the threat requires action
3. Performing necessary remediation actions
4. Deciding what additional investigations should be next
What Should You Automate?
IR Spending Stats
Automation Results
450
2
$162,000
8
Based on your inputs, you spend $324,000 annually to investigate 4% of your alerts. You are paying $80.36 for every investigated alert.
With More Analysts
If you were to investigate 100% of your alerts without automation, you would need 57 cyber analysts to manually investigate your alerts.
COST ANNUALLY FOR 57 ANALYSTS: $9,112,500.00
COST PER INVESTIGATED ALERT: $55.48
With Automation
Using automation, you'll be able to investigate 100% of the alerts you receive from detection systems, using 5% of the cost of hiring 57 analysts.
ANNUAL AUTOMATION COST: $455,625.00
ANNUAL STAFF COST: $324,000.00
COST PER INVESTIGATED ALERT: $4.75
5 Prerequisites to Trust Automation
In order to trust security automation, it must be:
1. Repeatable
2. Auditable
3. Reversible
4. Interruptible - Kill Switch
5. Able to Learn/Adapt