Humans are and will always be creatures of habit. Once we learn how to do something, it’s no surprise that we’re likely to keep doing it the same way. That is, until something comes along that challenges us to change, and that thing is most commonly some new technology. But if you ask people to change the way they work to fit some new technology, then you’re doing something wrong.
Digital transformation shouldn’t be about taking your existing business processes and changing them in a way that takes advantage of technology. In fact, the digital transformation shouldn’t be about technology at all. It’s about people. Rather than deploying products that disrupt and confuse employees, it’s far more impactful to give them solutions that enhance their capabilities and experience.
Our great migration to the cloud unleashed tremendous opportunities to do this, but it also came with unique challenges for security teams. Growing stacks of disconnected security products — some of which were never designed to be used for the cloud — have only made the situation worse. Security teams today are overloaded with interfaces, information and alarms, stretching their resources and sanity to the breaking point. And while automation has helped to some degree, there are still situations in which human validation can’t ever be replaced.
The world’s massive leap forward into the cloud created an unlimited platform for the enormous amounts of data we create and consume, and some of the latest statistics are astounding: By 2019, annual IP traffic is expected to hit 2 zettabytes, or 2 billion terabytes, and we’ll consume two-thirds of that data on Wi-Fi and mobile devices. In the enterprise, over 46% of WAN traffic is now cloud-based, and demand for 100 Mbps data links to stay connected with that data jumped globally from 7% to 25%.
The problem, however, isn’t that we have too much data, it’s that we’re not that great at filtering out the noise from what’s meaningful. Every day we’re bombarded by an inconceivable amount of content at home, at work, and on the go – far more than anyone can digest and decipher in a meaningful way. For security professionals, this bombardment presents a unique challenge.
As data volumes grow in the cloud, and as the number of devices touching that data explodes, we create an unlimited number of exposure points that, if left unchecked and exploited, could trigger crippling breaches. And while there’s no shortage of security products that help detect threats and manage alerts, there is a shortage of people with the skills required to respond to threats efficiently. Even if there were, the truth remains that no human can interpret so many alerts in a meaningful way.
The unlimited computing power of the cloud, and of security platforms built there natively, can make that interpretation for us, though. Through the magic of multiple, finely-tuned expert systems running in parallel, a security platform built in the cloud can detect the threats that matter most. This hierarchy of expert systems, using techniques like machine learning and the latest threat intelligence, can help inform other parts of the platform and help enrich the data the platform collects and creates to provide fuller context for busy analysts. In that way, the cloud can help eliminate noisy, error-prone, mundane, and time-consuming tasks to make security professionals more effective.
Although most of us proclaim to be expert multitaskers, the truth remains that most of us just aren’t, both by design and habit. Take for example distracted driving. We’re all aware of the potentially disastrous consequences of doing everything but concentrating on the road while behind the wheel, yet many of us continue engaging with technologies while driving regardless.
Not all multitasking failures have life-and-death consequences, of course, but they can be costly for businesses. Technology forces distraction upon us through multiple screens, countless interfaces, and dozens of different modes of communication.
Having to shift focus from one thing to another causes a measurable break in our concentration. In fact, a University of California researcher found that for every 30 seconds of distraction we’re actually losing 30 minutes of concentration. Between information overload and distractions, the U.S. economy loses an astonishing sum of over $1 trillion every year.
This kind of distraction is a very real and daily struggle for security professionals who typically don’t work out of a single console throughout the day. Most spend time jumping between multiple interfaces, either to respond to alarms or to search for information they need for investigations. Considering their constant battle to reduce attack dwell time, those minutes — or even seconds — can’t be spared if they’re going to keep sensitive business information safe.
Having a one-stop shop in which to conduct investigations can fundamentally improve the work lives of resource-constrained security teams. And while the concept of a single pane of glass to manage all aspects of security isn’t new, having a single pane of glass that presents data intuitively is. There’s no reason an analyst should have to jump between different point products and platforms to get the whole picture of a possible attack. Nor should analysts be forced to comb through multiple data sources and log files manually as a source of truth for investigations.
Here again is an example of how technology can help make the way people work today better and more efficient. Security analysts and threat hunters need instantaneous access to all relevant forensic and real-time data, found in one interface, in order to do their jobs effectively. Such an interface should implement deep product integrations across the network, endpoint and threat intelligence landscape to make that information immediately actionable.
Armed with this integrated approach, analysts are better prepared to respond with both situational and contextual knowledge of all security events in real time.