To keep up with unrelenting security threats, companies in Asia Pacific already overwhelmed because of the shortage of skilled cybersecurity professionals will look to automation technologies that can help them automate response towards up to 90% of Tier 1 type of work in 2019
“New machine-learning/AI-driven technologies are expected to create new roles and opportunities for security professionals,” Haiyan Song, senior vice president of Splunk told Computerworld Hong Kong.
She said: “From security content developers to automation engineers, these new roles will focus on optimizing the security workflow and its tools – whether through more accurate and insightful custom dashboards and algorithms or through playbooks that suit specific response scenarios and streamline new tools and their processes.”
Automation is vital to cybersecurity
Citing a MeriTalk research, Song pointed out that 76% of organizations believe their security team is often reactive instead of proactive. The figure is hardly surprising given that the same research recorded that of 68% of cybersecurity professionals said their company is overwhelmed by the volume of security data.
“They need advanced capabilities and capacity to respond to overwhelming amount of alerts, especially with so many false positives,” said Song. “Machine learning-based detection technology such as UEBA, orchestration and automation solutions are key to provide the capability the security team needs to detect and response at machine speed.”
Automation is turning the corner, said Song.
“From buzzwords to key investment areas for customers and a must-do for organization as everyone struggles with the chaos brought to us by ever increasing cyber threats, big data and security alerts,” she said.
She added that companies in the region must focus on ways to gain more visibility into their IT and OT infrastructure.
“They must deploy a holistic technology solution that can both detect and act on threats; increase situational awareness; and, spot abnormalities to immediately thwart attacks,” Song said.
Multi-cloud, DevOps and APIs are double-edged swords
Current technology trends that push for an agile IT environment—such as multi-cloud deployment, which is now becoming a must among large enterprises in Asia Pacific; DevOps adoption that has increased the collaboration of once-siloed functions; and the growing use of APIs to bring more productivity and benefits to end-users—are increasing the enterprises’ attack surface.
“These collaborative technologies and methodologies will bring with them a host of problems, including disruption of services and server downtime,” Song said. “While the benefits of interconnection far outweigh the pitfalls, organizations will need to process with caution to avoid falling victim to nefarious actors.”
Song pointed out the traditional way of securing IT infrastructure by focusing on prevention is not working – not for quite some time.
“Hackers will always find a way,” she said. “Today, customers are shifting to lead with detection strategies versus just prevention. But to detect, you first need to analyze and take action on the data coming out of the enterprise and security infrastructure.”
The transition to the cloud, she added, has exacerbated an organization’s cybersecurity headaches.
“One of the gaps we see is the ability to fully and efficiently instrument then enterprise infrastructure to bring data together to deliver actionable insights into this hybrid world, and to truly integrate the security stack so actions can be orchestrated and automated to deliver the response at machine speed.”
Transforming the SOC
According to Song, companies need to give their existing Security Operation Center (SOC) a cold, hard look.
“They need to leverage the technology advancements to transform their SOC into a true security nerve center, and make data, analytics, orchestration and automation the heart of their security strategy.”
The modernization of the enterprises’ SOC is the vision that drives Splunk’s expansion of its cybersecurity portfolio. One of the key elements for fulfilling this vision was the acquisition of Phantom Cybersecurity, a leader in Security Orchestration, Automation and Response (SOAR), which Splunk bought for US$350 million.
“The combination of Splunk’s and Phantom’s technology has ushered a new age of analytics-driven security and enabled our customers to re-imagine their security operations,” Song said. “This is helping our customers in Asia Pacific to stay ahead of the fast evolving threat and attack landscape and respond quickly – at machine speed – to ever more complex threats and attacks. We believe our vison of SIEM, plus UBA and SOAR will help customers achieve a modern SOC by 2020.”