Put Analytics And Automation At The Core Of Security – Joseph Blankenship – Senior Analyst, Forrester Research
1 like153 views
The document discusses the need for organizations to adapt their cybersecurity strategies with a focus on analytics and automation to enhance security measures. It highlights the challenges faced due to increasing complexity, slow response times to breaches, and the necessity for better detection and automated response systems. The presentation emphasizes the importance of establishing clear rules for automation and building a strong foundation for effective security operations.
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – Senior Analyst, Forrester Research
- 1. © 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D.
- 2. © 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Put Analytics And Automation At The Core Of Security Joseph Blankenship, Senior Analyst October 18, 2017
- 3. We work with business and technology leaders to develop customer-obsessed strategies that drive growth. 3© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D.
- 4. 4© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Analyst Bio Joseph (aka JB) supports Security & Risk professionals, helping clients develop security strategies and make informed decisions to protect against risk. He covers security infrastructure and operations, including security information management (SIM), security analytics, security automation and orchestration (SAO), distributed denial of service (DDoS), and network security. His research focuses on security monitoring, threat detection, insider threat, operations, and management.Joseph Blankenship, Senior Analyst Forrester
- 5. 5© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. My Challenge For Today
- 6. 6© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Agenda › The Evolving World › Cybersecurity Has To Evolve › Analytics And Automation › Starting Your Automation Journey › Rules of Engagement › Wrap-Up
- 7. 7© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. The Evolving World
- 8. 8© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. People And Technology Continue To Evolve www.vexels.com/vectors/preview/71108/evolution-of-human-work-silhouettes
- 9. 9© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Delivering A 5 MB Hard Drive In 1956 1.25in .94in .08in thick
- 10. 10© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Smartphones Replaced A Host Of Devices
- 11. 11© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Concerts Have Evolved
- 12. 12© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Remember Telephone Operators? Image Source: www.flickr.com/photos/jill_carlson/11085936793, www.flickr.com/photos/70251312,
- 13. 13© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Cybersecurity Has To Evolve
- 14. 14© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. 51% of firms were breached in the past 12 months. 48% of Enterprise Firms Suffered 2+ Breaches in 2017
- 15. 15© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Top Data Types Breached Base: 614 global network security decision-makers whose firms have had a security breach in the past 12 months Source: Forrester Data Global Business Technographics Security Survey, 2017 41% 34% 29% 28% 26% 22% 20% 16% 8% Personally identifiable information (name, address, phone, Social Security number) Authentication credentials (user IDs and passwords, other forms of credentials) Account numbers Intellectual property Corporate financial data Website defacement Payment/credit card data Other personal data (e.g., customer service data) Other sensitive corporate data (e.g., marketing/strategy plans, pricing) “What types of data were potentially compromised or breached in the past 12 months?”
- 16. 16© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Security Analysis Is A Manual Activity Source: Forrester’s Security Operations Center (SOC) Staffing
- 17. 17© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Too Many Alerts / Too Few Analysts Source: Forrester’s Security Operations Center (SOC) Staffing
- 18. 18© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Attacker Dwell Time Still Averages 99 Days › Dwell times have dropped from 146 days in 2015 to 99 days in 2016 › While this is a substantial improvement, it’s still far too long 2017 FireEye M-Trends Report Obligatory Picture Of Guy In Hoodie With Ones And Zeroes
- 19. 19© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. The lack of speed and agility when responding to a suspected data breach is the most significant issue facing security teams today. Source: Forrester’s “Rules of Engagement: A Call to Action to Automate Breach Response” report.
- 20. 20© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Infrastructures Are Increasingly Complex
- 21. 21© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Organizations can't handle increased complexity with manual processes.
- 22. 22© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Increasing Complexity Necessitates The Use Of Automation Source: Reduce Risk And Improve Security Through Infrastructure Automation Forrester report
- 23. 23© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Analytics And Automation
- 24. 24© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D.
- 25. 25© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Security Analytics Enables Better Detection Source: Forrester’s Vendor Landscape: Security Analytics (SA)
- 26. 26© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Automation Will Speed Response › Alert triaging › Context gathering › Containment › Remediation
- 27. 27© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Automation Isn’t A Four Letter Word › Historically, security pros have shied away from automation • Risk of stopping legitimate traffic or disrupting business • Need for human analyst to research and make decisions
- 28. 28© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Base: 1,700 Security technology decision-makers (1,000+ employees) Source: Forrester Data Global Business Technographics Security Survey, 2017 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Complexity of our IT environment Changing/evolving nature of IT threats (internal and … Compliance with new privacy laws Day-to-day tactical activities taking up too much time Building a culture of data stewardship Lack of budget Lack of staff (the security team is understaffed) Unavailability of security employees with the right … Inability to measure the effectiveness of our security … Other priorities in the organization taking precedence … Top 10 Enterprise Security Challenges
- 29. 29© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. State that using automation and orchestration tools to improve security operations is a high or critical priority. Base: 1,169 Security technology decision-makers (1,000+ employees) Source: Forrester Data Global Business Technographics Security Survey, 2017 68%
- 30. 30© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Security Is Evolving To Be More Automated
- 31. 31© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. #1 Security Productivity Tool
- 32. 32© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Analysts Also Swivel Chair Between Tools
- 33. 33© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. We Already Have LOTS Of Security Tools Source: Momentum Partners
- 34. 34© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. More tools = more security alerts
- 35. 35© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D.
- 36. 36© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Automation Will Help Break Down Silos
- 37. 37© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Automation will help analysts become more productive, but will not be a replacement for human analysts.
- 38. 38© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Starting Your Automation Journey
- 39. 39© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Crawl, Walk, Run › What are the tasks/processes ready for automation today? • Repetitive, manual tasks • Low-risk processes like investigation, context building, and querying › Build a strong foundation, then work on more advanced automation • Complicated processes • Remediation activities
- 40. 40© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Targeted Attack Hierarchy of Needs Source: Forrester’s Targeted-Attack Hierarchy Of Needs: Assess Your Core Capabilities report
- 41. 41© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D.
- 42. 42© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Rules Of Engagement
- 43. 43© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Automating Response › Automating security is a business requirement › Security is behind other parts of the business Source: Forrester’s Rules Of Engagement: A Call To Action To Automate Breach Response
- 44. 44© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Automation Requires Defined Rules Of Engagement › To enable automation, security teams must: • Know the business › Understand key systems and data • Establish policies for automating › When to automate › When to send to a human analyst • Build consistent processes › Bad process = garbage in / garbage out › Policies based on business requirements • Protect toxic data – IT’S ALL ABOUT THE DATA • Build policies based on data risk A Formula For Defining Toxic Data
- 45. 45© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Rules Of Engagement Source: Forrester’s Rules Of Engagement: A Call To Action To Automate Breach Response
- 46. 46© 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Wrap-Up And Next Steps › Security teams lack the speed and agility to stop breaches • Inadequate tools and slow, manual processes impede progress • Complex environments require automation › We have to make better, faster security decisions • Security analytics tools help make that happen • Ability to automate is dependent on more accurate, improved detection › Automation can deliver faster response • Build a foundation before increasing complexity • Define rules of engagement for automation
- 47. FORRESTER.COM Thank you © 2017 F O RRE S T E R. RE PRO DUCTI ON P RO HIB ITE D. Joseph Blankenship www.forrester.com/Joseph-Blankenship @infosec_jb