


In-sync technology is key to reducing this complexity. The solutions then basically help enable interoperability through automation. A Unified Analyst Experience (UAX) is a tool to achieve that optimally through automation. In addition to the standardisation benefits that automation delivers at a technical and operational level, it also increases the ability of the vendors to collaborate on formats of data exchange. It is an important tool for security designers and vendors to deploy in their capabilities to enable more efficiency in their cyber security operation centres. Automation can be considered as a capability that the security operation system needs to have today.

This is where automation can play a crucial part. Against the background of the aforementioned challenges, what becomes clear is the need for organisations to gain accurate insights quickly. One of the main challenges is the large amount of time that security operations require for analysts to conduct investigations, mitigate root cause anomalies, and enable recommendations and feedback, leading to a complicated process that also increases detection and response costs. In addition to the numerous steps, the analyst has to learn different languages across different systems to build the use cases across various tools, which is time-consuming and complex. According to research conducted by Forrester, a security operations centre analyst can take up to 19 steps minimum, from triaging an alert at a nascent stage to closing an incident. 32 percent of organisations lack security automation and orchestration for accurate and timely threat detection and response. Detection methods are outdated, noisy, ineffective, and manual, and attackers continually bypass them because analysts conduct manual operations to stitch the siloed tools together, which impacts the ecosystem. Around 70 percent of organisations use at least ten different disparate solutions to manage their security hygiene.

Two out of three organisations say their external attack surface has expanded in the past year. Disconnected tools, especially those that are not routinely maintained and scanned, lead to attackers increasingly “living off the land” using legitimate techniques that won’t trigger individual security defences. Poor visibility across an expanding attack surface leads to blind spots that attackers are increasingly taking advantage of.
