CDSA

Drowning in Security Alerts? Automation to the (SOC) Rescue

Data is the new currency, and it’s being distributed throughout the world by both legacy and new organizations.

One of the key challenges in M&E, as in every industry, is how to protect this information in a continuously and rapidly changing world, where information flows from a growing number of sources to an exponentially growing number of consumers. The evolving threat landscape has enabled more complex attacks, while security operations center (SOC) staff are often still using the same legacy tools and procedures.

While there is little debate about the need for cyber security systems and tools to protect information and content at rest, in transit and on user endpoint devices, the work of managing these systems and the information their operation generates is growing faster than organizations can hire new talent or scale legacy tools linearly.

Many organizations have added point solutions, but the increased security complexity contributes to several problems:

• Too many vendors to manage
• Too many alerts to investigate
• Manual processes that slow response times
• A lack of trained staff to manage the expanding workloads

The addition of security orchestration, automation, and response (SOAR) capabilities can help alleviate these pressures. Using a platform like Fortinet’s FortiSOAR, security operations teams can improve collaboration, control, and SOC automation through out-of-the-box connectors and customizable frameworks that pull together the organization’s security tools, while at the same time reducing alert fatigue.

SOAR centralizes tools and amplifies the efforts of SOC teams, empowering them to rapidly respond, automate tasks, and execute actions across the organization’s security stack.

In a recent CISO Survey, 42 percent of respondents reported suffering from cybersecurity fatigue, and 93 percent of those individuals are experiencing 5,000 or more alerts per day. Analysts face increasingly complex and fragmented security infrastructures with a multitude of point products from different vendors.

Although the sheer volume of alerts is a big part of the problem, tracking, investigating, and trying to remediate alerts from many different sources also requires a great deal of manual effort. And while alerts, vulnerabilities, and cyber threats demand attention, other aspects of improving an organization’s security posture are important too.

At the same time, when it comes to security operations, organizations are struggling with a worldwide cybersecurity skills shortage. As of 2021, almost 3.5 million cybersecurity jobs remain unfilled. In fact, 65 percent of companies currently lack the skilled staff they need to maintain effective security operations.

The combination of the skills shortage, security fragmentation, and overwhelmed analysts increases the chances of a breach going undetected.

A SOAR solution helps security teams integrate their security tools. It allows separate components to communicate and work together in a coordinated defense. With SOAR, security operations teams can automate the tedious and repetitive elements of workflows while keeping a human in control of the decisions that matter. The best SOAR solutions enrich and contextualize threats to help analysts quickly triage cases according to the severity of the risk, the sensitivity involved, or the criticality of the threatened business functions.
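As an added illustration, not code from the article or from FortiSOAR, the following Python sketch shows the triage loop described above: duplicate alerts from different tools are collapsed into one case, each case is enriched with asset criticality, data sensitivity and threat-intel confidence, scored, and then either closed automatically, queued for an analyst, or held for human approval before any containment action. The asset inventory, indicators, alerts and thresholds are all constructed for the example.

```python
# Constructed asset inventory, standing in for a CMDB connector (1 = low, 3 = high).
ASSETS = {
    "web-01":   {"criticality": 3, "sensitivity": 2},   # customer-facing streaming front end
    "build-07": {"criticality": 2, "sensitivity": 3},   # holds pre-release content
    "kiosk-12": {"criticality": 1, "sensitivity": 1},   # lobby kiosk
}
# Constructed threat-intel lookup: indicator -> confidence that it is malicious.
INTEL = {"203.0.113.7": 0.9, "198.51.100.3": 0.2}
# Constructed alerts from several tools; the first two describe the same event.
ALERTS = [
    {"tool": "edr",  "rule": "suspicious-powershell", "host": "web-01",   "severity": 3, "ioc": "203.0.113.7"},
    {"tool": "siem", "rule": "suspicious-powershell", "host": "web-01",   "severity": 3, "ioc": "203.0.113.7"},
    {"tool": "ids",  "rule": "port-scan",             "host": "kiosk-12", "severity": 1, "ioc": "198.51.100.3"},
    {"tool": "dlp",  "rule": "bulk-download",         "host": "build-07", "severity": 2, "ioc": None},
]

def dedupe(alerts):
    """Collapse alerts about the same rule on the same host into one case (cuts alert volume)."""
    cases = {}
    for a in alerts:
        c = cases.setdefault((a["rule"], a["host"]),
                             {"rule": a["rule"], "host": a["host"], "ioc": a["ioc"], "sources": set(), "severity": 0})
        c["sources"].add(a["tool"])                       # remember every tool that saw it
        c["severity"] = max(c["severity"], a["severity"])  # keep the worst reported severity
    return list(cases.values())

def score_case(c):
    """Enrich with asset context and intel; agreeing tools raise confidence in the case."""
    asset = ASSETS.get(c["host"], {"criticality": 1, "sensitivity": 1})  # unknown host: assume low
    base = c["severity"] * (asset["criticality"] + asset["sensitivity"])
    return round(base * (1 + INTEL.get(c["ioc"], 0.0)) * len(c["sources"]), 2)

def triage(alerts):
    """Route each case: routine low-risk work is automated, disruptive actions wait for a human."""
    cases = dedupe(alerts)
    for c in cases:
        c["score"] = score_case(c)
        if c["score"] >= 40:
            c["action"] = "isolate-host proposed; awaiting analyst approval"  # human keeps authority
        elif c["score"] >= 8:
            c["action"] = "analyst-queue"   # enriched ticket, worked in score order
        else:
            c["action"] = "auto-close"      # noise handled without analyst time
    return sorted(cases, key=lambda c: c["score"], reverse=True)

if __name__ == "__main__":
    for c in triage(ALERTS):
        print(f'{c["score"]:6.1f}  {c["rule"]:22} {c["host"]:9} {sorted(c["sources"])} -> {c["action"]}')
```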

This is the second of three articles featuring cybersecurity insights from John Jacobs, field CISO, technology, for Fortinet. You can read the first here.