AGC's 13th Annual West Coast Conference Book

Security Automation: Bridging the Gap between Alerts and Capacity

Abstract: Many enterprises receive more than 15,000 malware alerts weekly and deploy security products from nearly 50 vendors, with the largest companies well in excess of both. At the same time, there is a critical shortage of skilled cybersecurity professionals, leading to as many as 1 million unfilled cybersecurity jobs globally. This mismatch between alerts and capacity causes many attacks to go undetected and lengthens attacker dwell time, increasingly leading to mega-breaches that destroy reputations and shareholder value. One Ponemon Institute study estimates that analysts investigate only 4% of alerts, suggesting that human resources alone are woefully insufficient to keep organizations safe. Security orchestration and automation tools seek to bridge this capacity gap by automating the detection, investigation, and remediation workflow, freeing skilled cyber professionals to focus on higher-value work. Orchestration platforms accomplish this task by integrating tools across the broad enterprise security ecosystem (e.g., SIEM, A/V, EDR, IPS, IDS, DLP) and frequently by layering on proprietary threat intelligence and leveraging advanced capabilities such as artificial intelligence. While orchestration and automation platforms are still in the relatively early stages of market penetration, customer interest has been robust: one recent survey showed nearly 75% of respondents had already taken steps to automate and/or orchestrate their incident response processes or planned to in the next 12-18 months, and more than 90% planned to increase spending on incident response tools and platforms over the next 2 years. This panel brings together some of the leading companies in the orchestration and automation segments and explores the ways in which they are disrupting the security industry by automating what historically has been a manual process prone to human error, alert fatigue, and weak product integration.
Our panelists come from dedicated orchestration and network visibility companies as well as from companies that are incorporating orchestration/automation tools into broader security offerings. Together, they will offer a unique perspective on growing companies into leaders in this emerging segment.

Market Statistics, Sizing / Growth:

• The security orchestration segment is expected to grow from $826M in 2016 to $1.7B in 2017, a 15.3% CAGR (MarketsandMarkets)
• 92% of companies get over 500 alerts per day, with some getting as many as 5x that amount; a single cyber analyst can handle roughly 10 alerts per day, illustrating the capacity gap (Enterprise Management Associates)
• 74% of surveyed companies ignore alerts because they can’t keep up with the volume; 30% ignore more than half of the alerts (Enterprise Strategy Group)
• Nearly 80% of surveyed companies believe that orchestration/automation tools would enable them to investigate more alerts (Enterprise Strategy Group)

Discussion Topics:

• Discuss the ways in which organizations are integrating orchestration/automation platforms into their security ecosystems.
• How has market acceptance of orchestration/automation evolved in recent years and how do you see the market continuing to evolve in the coming year?
• What capabilities will leading orchestration/automation platforms need to offer to capture market share in this fast-evolving segment?
• Are orchestration/automation platforms best suited for large enterprises with sophisticated security teams, or do they have broad down-market applicability too?
