
Kevin Kennedy at Vectra AI explains why we need more accurate attack signals to stop burnout, boredom, and breaches
Security analysts are approaching the point of no return when it comes to managing the modern threat landscape. In fact, 72% of security practitioners think they may have been breached, but can’t confirm it, demonstrating the struggle for visibility, and the sheer scale of the ‘unknown threat’ facing organisations today.
The unknown threat has been gathering momentum over the past couple of years with the rapid shift to hybrid cloud services, applications, and storage. This has trapped security teams in a never-ending spiral of “more”:
The answer to more is not more and it’s time to cast blame on security vendors as the source of the problem. More does not erase the unknown threat. It fuels it. More is the cause of the lack of visibility and lack of confidence security practitioners have and it’s forcing security analysts to vacate their roles.
The current global cyber security skills shortage stands at a staggering 3.4 million. If we don’t break out of the spiral of “more”, we can expect this number to rise as disillusioned analysts leave security.
Alert fatigue from analysts continuously having to respond to irrelevant alerts is not only impacting their wellbeing, but it is also starving them of any creative freedom or critical thinking when it comes to solving problems, creating a tedious and repetitive job.
This monotonous role creates a snowball effect: it breeds disillusionment and makes analysts numb to alerts, so they take shortcuts and ultimately miss truly critical alerts.
More widely, a regular churn of different security analysts going through a revolving door means existing security teams have a lack of consistency and stability, so they are unable to operate at maximum capacity. When it comes to more, the only more humans need is signal clarity.
Although it may seem daunting for organisations to reverse the skills gap and burnout trends, all is not lost. The key is simple: signal clarity. Signal clarity means that security teams spend their time doing what they love, what they were trained to do. Using their brains is why they got into security in the first place — not sifting through piles of alerts or maintaining and tuning detection rules.
But how? Well, it should be apparent by now that chasing rapidly evolving and evasive attack techniques with yet another SIEM rule, IDS signature, or simple anomaly detection is the cause and catalyst of more—not the solution for it.
AI has proven instrumental in delivering signal clarity. Not the marketing snake-oil variety of AI that’s all too common today, but rather real AI that:
Note: if a security vendor’s technology requires security analysts to constantly tune their AI to arrive at signal clarity – it’s not real AI. It’s simply another trap in the spiral of ‘more’.
AI is not a silver bullet. Done right, it can process massive quantities of data to generate a clear signal at the speed and scale only a machine can handle. Knowing what to do with that signal takes human intelligence. How long should we wait to respond and tip off the adversary that we’re on to them? What’s the best remediation path? Are we sure this is malicious before we reset the domain controller?!
Applying AI to quicken the entire threat detection and response process enables security analysts to get ahead and stay ahead of attacks and do what they do best – use their critical thinking skills and experience to stop attacks before they escalate into major incidents.
Ultimately, the best of both worlds comes down to playing to the core strengths of human intelligence and artificial intelligence.
The more vendors force security analysts into the spiral of more, the less effective, fulfilling and rewarding the job – and the less likely they stick around. It’s time security vendors steady the ship.
If we continue down the current path and keep driving security teams into a vicious spiral of more, the skills shortage and the fog of the unknown threat will continue to grow. To buck the trend, security teams no doubt need tools that provide visibility and control, but ultimately they need tools that provide the best signal clarity.
By having signal clarity that accurately and reliably prioritises threats, security analysts spend more time using their intelligence, their critical thinking, and less time on mindless administrative tasks like alert triage, tool maintenance and tuning rules.
It’s time security vendors commit to safeguarding the well-being of the security analyst. It’s time security vendors commit to erase the unknown and provide the signal clarity analysts need to do what they signed up for – defend the organisation from cyber-attackers. A failure to commit means we are failing them.
Kevin Kennedy is Senior Vice President of Products at Vectra AI
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543