As cyberthreats have proliferated, businesses have had to adapt. Whether driven by compliance concerns or by seeing the strategic value of stronger protection, many businesses have started moving toward more advanced cybersecurity. Many have sought to increase their detection and response capabilities by forming a security team, or even building out a full-fledged security operations center (SOC).
However, running and managing a security operation brings some major challenges. The sheer volume of information created by a network can make the security team’s tasks overwhelming. To top it off, the cybersecurity industry faces a major talent shortage. This means many teams lack the in-house expertise to make running a security operation both effective and sustainable.
At this year’s RSA Conference in San Francisco, California, our VP of Security, Tim Brown, will tackle these challenges head-on in his discussion, “24 Hours, 240 Million Threat Events.” Tim will discuss methods for dealing with several of the biggest challenges security teams face.
For starters, Tim will present potential solutions aimed at helping teams wrap their arms around the number of security events generated each day. As your organization or your client base grows, the number of security events will increase as well. Being able to scale effectively is crucial to your team’s success. Tim will discuss methods for scaling to meet the challenge without overwhelming staff.
Part of solving this information-overload issue comes from helping teams spot important security events and ignore false alarms. Tim will discuss methods for reducing both false positives and false negatives within a SIEM tool. Doing this can help employees make better decisions faster, especially those who may not be as experienced in cybersecurity and triaging. Considering that 62% of respondents to the SANS Institute 2018 SOC Survey cited a lack of skilled employees as the top problem for those running a SOC, this information could help teams plug the gap and give much-needed assistance to employees with less hands-on experience.
Of course, security operations teams are made up of people. You can put the best tools in place with incredible automation, but you’ll need people at the helm to analyze the data and make the right decisions. The sheer amount of data that teams must sift through can easily overwhelm the team and harm their morale. And with the skills shortage mentioned earlier, it can be hard to hire new team members to offer relief to existing staff. According to research from ESG and ISSA, 38% of employees face burnout due to the effects of the cybersecurity skills shortage. This makes management skills paramount if you want to keep the troops’ spirits up. Tim will discuss methods of keeping these team members motivated in the never-ending fight against the bad guys.
Anyone involved in security should attend this talk, whether they work in house for an SMB or enterprise or they work for an outsourced service provider. In-house employees will learn how to keep their teams effective and efficient in a rapidly evolving threat landscape. Outsourced security providers will learn not only how to keep their customers safe, but also how to consistently reinforce the value of their security services. Both in-house and outsourced security professionals should walk away with practical tips for improving their security operation.
If you’re already going to the RSA Conference, make sure to reserve your seat for Tim’s talk on Thursday, March 7 from 2:50 p.m. to 3:40 p.m. Security teams face a lot of challenges; attend the discussion to learn how to combat them.