This week, an article on DarkReading served as a good reminder that technology alone can only take us so far in the fight against cyber threats. The role of trained security staff cannot simply be replaced by automation.
The article cites a recent Ponemon Institute study conducted on behalf of DomainTools, which asked over 600 US cybersecurity professionals about the effect of automation on their staffing situations:
“According to the study, 75% of organizations report that their security team is currently understaffed and the same proportion say they have difficulty attracting qualified candidates. Over four in 10 organizations report that the difficulties they've faced with recruiting and retaining employees has led to increased investment in cybersecurity automation tools. However, 76% of respondents report that machine learning and AI tools and services aggravate the problem because they increase the need for more highly skilled IT security staff.”
As technological advances continue to increase efficiency and replace mundane, repetitive tasks, it’s important to understand that technology alone cannot replace some of the fundamental elements of security. There remains a strong need for trained staff to manage any technology; without this people component, the technology won’t help much. Technology is most effective at helping fewer people do more in less time. Automation will make people more efficient and effective but cannot replace the role those people play.
Complex security technologies require knowledgeable experts who are trained to properly deploy and configure the tools and to interpret the results they produce. People are needed to continue to tweak and tune the systems to reduce noise and maintain proper alerts. Once a potential incident is detected, trained security experts need to review the data reported, uncover the underlying cause and develop the proper course of action to remediate the issue. The human element remains vital in this process, ensuring the technologies deliver value to the organization and incident response is quick and effective.
For organizations that are struggling to staff the round-the-clock security team they need, managed security services such as Cygilant’s SOCVue security as a service can help. Subscribers gain access to a 24x7 global SOC team of trained security experts to manage security technologies including SIEM/log management, vulnerability management and patch management. This team, working as an extension of your team, can mean the difference between an effective security program that continuously improves your security posture and shelfware. Cygilant combines technologies that increase efficiency through automation with the team of experts needed to properly manage them.
If you’re interested in learning more about how Cygilant security as a service can help your organization, please request a demo.