The State of IT Automation: New Pressures Invite New Opportunities
Read Report
This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies and agree to our Privacy Policy.
Solutions Overview Discover how to accelerate time to value with purpose-built solutions for every IT function.
IT Operations Management Automate infrastructure provisioning, testing, incident resolution, proactive maintenance and more!
Network Operations Management See why Resolve is trusted to execute millions of automations every day on the most complex networks on the planet!
IT Service Desk Management Automate service desk requests, change management, and incident management — and power self-service options and chatbots!
Cloud Operations Rapidly Migrate to the Cloud, Auto-remediate Server and Application Issues, Deploy and Provision Systems, and Optimize Resources to Manage Costs
Autodiscovery & Dependency Mapping Get full-stack visibility into complex infrastructure, automate dependency mapping, and ensure your CMDB is always accurate.
September 8, 2017 • Larry Lien, Chief Product Officer
Just a glance at the current headlines reveals cybercrime is increasing on a global level. Criminals are not just targeting enterprises, but small and medium-sized organizations. And they’re becoming more strategic, innovative, and nefarious with attacks like ransomware; in fact, total ransomware has grown 80% in 2016, according to a report from McAfee Labs.
Enterprises are not just counting on prevention-only approaches; they’re focusing on detection and, more importantly, response. Worldwide spending on information security is expected to reach $90 billion in 2017, an increase of 7.6 percent over 2016 and will hit $113 billion by 2020, according to Gartner.
How are organizations handling security incident response to combat growing threats?
What is the current state of Security Operation Centers (SOC) and why are they at risk?
How do organizations improve coordinated response to security incidents?
Let’s examine some of the challenges SOCs face and the benefits of uniting Security Incident Response automation with Case Management.
Cybersecurity Analytics and Operations are Becoming More Difficult
SOCs are constantly being bombarded with new threats. Crypto-style ransomware grew 35 percent in 2015, according to Symantec Internet Security Threat Report. For example, the recent WanaCry ransomware attack took down hospitals, factories, and banks in an orchestrated, worldwide attack in May 2017.
Incidents and data breaches are not only advancing, they’re becoming costly, too. The IBM Cost of a Data Breach Study reveals that the average total cost of a data breach is $3.62 million – not including the negative impact on an organization’s brand.
While SOCs and security professionals are highly skilled and often running at full speed, there’s often a shortage of personnel on teams to help combat security incidents. Compounding the challenges is alert fatigue, where security teams become desensitized to security alerts. CISOs are often faced with the challenge of combating increasing security incidents with finite personnel.
The Arms Race Between Security Professional and Criminals
Most security operations have developed some form of incident response processes and procedures, but many of these existing approaches are losing ground in the battle against cyber attackers. Why are some security teams struggling to keep up?
Some organizations approach incident response in a highly-fragmented manner. Their incident response approach is often cobbled together from a variety of disparate point solutions including SharePoint, Wikis, shared folders, spreadsheets, Word documents and individual scripting tools, to name a few. Unfortunately, this patchwork of various solutions lacks process consistency, workflow, and focus.
While a disparate approach to security creates inefficiencies, an organization also opens itself up to vulnerabilities. Cyber criminals opportunistically realize this too. Attackers recognize the gaps in security and are becoming more tactical in penetrating defenses. Fragmented security incident response tools create chinks in the armor. Furthermore, criminals are becoming more organized with underground black markets, trading and selling advanced attack tools to target proprietary, customer, and financial data.
A Holistic Approach to Unite Security Incident Response with Case Management
Successful Security Incident Response (SIR) means cross-functional incident response activities, but in a unified approach. Partnered with IT and other technical operations groups, a holistic approach means your security team has higher levels of control, visibility, and assurance. While case management provides enforcement-grade evidence and task logging of the investigation and remediation, it should not be kept separate and siloed.
Automated security incident response shows great promise but you can’t just add automation to your SOC and walk away. This approach only compounds previous fragmentation. As mentioned, successful SIR requires the key technical stakeholders to harmonize strategies and functions across ; there is need for not only end-to-end automation, but human-guided automation, which integrates human-directed activities and decisions with machine automation.
As the leader in automated security incident response technology, Resolve Systems is uniquely positioned to share actionable insights on how to respond to the rapidly evolving threat landscape.
Want more strategic insight on how automation united with case management can optimize your organization’s security incident response?
Larry Lien is responsible for product definition, product marketing, and strategy at Resolve Systems. He has over 20 years of product management, marketing and business strategy experience delivering successful products and services to the enterprise IT and security marketplace.
