Security Automation Saves Money, Time and Work

1
Security Automation

• Saves Money, Time and Work

2
Introduction

• The evolving threat landscape just gets more
  complex and brutal as time goes on. Targeted
  threats abound as advanced persistent threat
  campaigns, cyberwarfare, distributed denial of
  service attacks, and spearphishing. Meanwhile,
  zero-day vulnerabilities and exploits continue to
  be frequent occurrences. Its a hostile cyber
  world out there, and its easy for organizations
  and enterprises to get overwhelmed.

3
Security Operation

• What if there was a solution that could be
  deployed that could cut down on the tedium that
  SOC analysts deal with? The right security
  automation tool can reduce your cases by 80.
• Maintaining security operations is absolutely
  essential, as preventing incidents is a lot less
  expensive than responding to them. If you conduct
  operations manually, that expense is not only
  monetary in value but also wasted time.

4
Improving Efficiency of SOC

• False positive alerts are one of the biggest,
  most expensive problems faced by security
  operations. According to a Ponemon Institute
  study, organizations spend an average of nearly
  21,000 labor hours per year dealing with false
  positive and false negative alerts, wasting about
  1.3 million per year on inaccurate intelligence.
  An organization typically gets about 17,000
  security alerts per week, over 80 percent of
  those are false, and only four percent are
  actually investigated.

5
Security Operation Survey

• As noted in a recent blog post, the SANS
  Institute found in its 2018 Security Operations
  Survey that just slightly over half of SOCs
  provide metrics that can be useful in tracking
  the status and efficacy of their performance.
  Metrics that are particularly useful, such as the
  mean time to detect (MTTD) and mean time to
  respond (MTTR), are complex to the degree that
  they oftentimes limit SOCs ability to request
  further funding necessary for maximizing their
  performance against those metrics, thereby
  creating a catch-22.

6
Security Analyst Their Analysis

• Good logging, effective IDS, and a properly
  configured SIEM with well-designed correlation
  rules can go a long way to decrease the volume of
  false positives. But you can reduce the
  distraction of false positives even further,
  thereby saving money, maximizing productivity,
  and allowing your analysts to spend more effort
  on what absolutely requires analysis from a human
  being.

7
Maximize Security Analyst Investment

• The key is to implement more widely integrated
  and effective security automation. The right
  security automation platform reduces the amount
  of time and effort human security professionals
  have to spend engaging in tedious tasks. It also
  consists of an open and flexible architecture
  that allows for third-party integrations across
  an existing security infrastructure. With such a
  platform in place, infosec personnel can then
  commit more time to activities that require their
  specialized experience, training, and know-how.

8
SOAR Solutions

• According to Indeed, the average annual salary
  for a SOC analyst in the United States is
  83,910. Thats not specifically for a market
  where cybersecurity professionals are higher
  paid, such as the San Francisco Bay Area,
  Seattle, or New York City. Thats an average for
  all of the United States. Also, that doesnt
  include benefits, including expensive private
  health insurance. Plus, no one is at peak
  efficiency when they start a job because theres
  always a learning curve related to a role in a
  particular company which is always unique. Itll
  usually take a few months in a role for a new
  employee to be really adept at their job.

9
CyberSecurity Automation

• Why go through the extra expense and hassle of
  having to hire additional analysts when the right
  SOAR solution can make the analysts you already
  have able to do a lot more? This is just one of
  many ways that security automation can not only
  improve your organizations overall
  cybersecurity, but also start saving you money
  right away.

10
Analyze CyberSecurity

• Security automation can be integrated with your
  SIEM and intrusion detection systems. When a
  possible threat is detected, instead of
  immediately being sent to a security professional
  in the form of an alert, AI will analyze it and
  determine whether an SOC analyst needs to compare
  it against their existing threat intel to figure
  out what theyre looking at and determine its
  importance.
• Advanced AI can analyze threat alerts with
  remarkable accuracy. Machine learning can make
  the whole security automation system smarter as
  the cyber threat landscape evolves.

11
Invest your SOC Analysts

• When SOC analysts spend less time triaging
  individual alerts and more time on the matters
  that truly require their attention, your SOC can
  enjoy an 80 case reduction. Even incident
  response can become much quicker, more effective,
  and more responsive.
• SOAR (security automation and response) works
  with SIEM like peanut butter does with jelly. As
  cyber threats evolve beyond 2018, good SOAR will
  become an absolute must, thereby allowing SOCs to
  become a lot more efficient and effective. MSSPs
  monitor the security of many different clients
  simultaneously, so the benefits of SOAR are both
  exponential and cumulative.

12
Conclusion

• Good security automation yields impressive
  returns. With it, Siemplify has found your SOC
  can enjoy a 300 increase in caseload capacity.
  Thats done not by hiring more staff but by
  increasing SOC analyst productivity through
  standardized playbooks and workflows and
  automation of tedious tasks.