Globally, the cybersecurity industry suffers from a shortage of between 1 and 2 million IT security workers. The shortage is even more acute in threat intelligence, since this profession relies on years of experience and (usually) a military or intelligence agency background.
Chances are that if your organization is not located in the Beltway area, London, or Israel, it will be very difficult to recruit cyber intelligence analysts. But even if these employees can be recruited, they still face an onslaught of attacks, multiple alerts, and “noise” to such an extent that even the most skillful are bound to suffer from “alert fatigue” and eventually miss critical information.
Technology (in the form of automation) must assist human analysts in handling this situation, especially since the automated tools used on the Dark Web require very little technical expertise, which further deepens the pool of criminals to include even the unskilled.
Across most sectors of the cyber security industry, automation tools help security practitioners make better decisions, but in the field of threat intelligence these tools have seen slow adoption so far. That’s a shame really, since automation makes access to valuable information easier.
Automation also presents challenges to an enterprise's threat intelligence program. As long as the “dark side” actors are armed with powerful, automated tools, defenders will be inundated with alerts and will often be unable to determine which of those threats pose a realistic risk to their organizations.
Given the jobs deficit that the security industry is facing, automation is a critical tool in any cybersecurity program, and especially in a threat intelligence program.
Without automation, defenders are somewhat handicapped, and CTI professionals feel this handicap. In an ESG report, “Threat Intelligence and Its Role Within Enterprise Cyber Security Practices,” thirty-eight percent of survey respondents said that “their top threat intelligence program objective is to improve automated prevention. They want to fine tune security controls, based upon timely information about malicious activities in the wild.”
There are not enough skilled candidates to fill the jobs that are out there, and even if there were, they would still be encumbered by threat overload.
Rather than working together, IT and security practitioners fail to engage in productive conversations that establish a clear plan for achieving a common goal. Digesting and acting upon intelligence is even harder, since it is not always clear what IT has to do in order to mitigate a certain threat. Automation will allow intelligence analysts to deliver only the most relevant, actionable alerts and reduce the “cry wolf” syndrome, cutting the resources, attention, and angst spent unnecessarily.
The security ecosystems that provide the strongest security are not those that are cluttered with redundant tools. Rather, they are a combination of the right tools that allow for better performance and functionality.
In order to defend against automated threats, the enterprise has to have an arsenal of defense methods that are as sophisticated as, if not more sophisticated than, those used by criminals. Yes, architecting and implementing these tools has its challenges, but the enterprise that fails to utilize these tools today will likely find itself in the headlines tomorrow.
How many more records need to be breached before companies are willing to invest in the automation tools that will strengthen their security posture? Most security practitioners have come to accept the fact that perimeter protection is no longer the way to prevent an attack. Automation streamlines the detection and response process while eliminating the monotonous tasks that otherwise distract security teams.