Analysis

The tech industry must embrace automation if it wants better security analysts

There’s no reason why we shouldn’t be automating menial security processes in 2019, according to McAfee

Cyber security automation mockup

Automating necessary, but menial and time-consuming functions in a business could be the key to unlocking the next wave of advanced analysts and threat hunters.

'There really isn't any reason to avoid automation,' according to Michael Leland, chief technology strategist at McAfee, adding that only through embracing the automation of tasks, specifically in a company's security operations centre (SOC), can they hope to free up valuable human brainpower for other things.

Speaking at (ISC)2 Security Congress, Leland said every tier 1 analyst wants to move up to tier 2, but are stymied by the relentless and menial work they have to do.

"A tier one analyst whose job is to pick through the events at a very low level I hate to call them it trained monkey work but at the end of the day, a lot of the work they're doing is mindless." he said.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"But I can tell them that I'm reducing the workload by 80% by allowing a bunch of the automation to do his job. That time restriction now is removed and he can start performing more advanced techniques that you might want to learn."

These monotonous duties preventing tier 1 analysts progressing to tier 2 and beyond include triaging all the events that pop up in the SOC and evaluating whether they need remediation.

The time it takes a human to triage an event and perform remediation takes around 75 minutes, what's known as dwell time. An automated process could do it in just two, according to Leland  and the efficacy of a SOC is measured, in part, on the dwell time it takes to remediate issues.

"The only way to achieve this kind of efficiency is to automate as many of these tasks as possible, whether that's an AI engine, whether it's machine learning or simply mining data," he said.

The value of a unified and automated architecture is huge. Automating processes in a SOC can lead to a 1,000% or more increase in event handling capacity, a 65% quicker triage rate and this is all done with a much greater degree of accuracy compared to what a human can produce.

This is due to a few things, the first being a human's inability to multi-task. Leland referenced an experiment McAfee did with people who were originally told to enter a room, scan it and then recall all the items they saw in that room after.

Advertisement - Article continues below

People were able to score a 98% recall rate in the first test condition, but when the researchers made them unlock a door before entering the room an added task the recall rate tumbled to 67%.

Related Resource

How AI and automation are changing the way work gets done

Intelligent automation will be a defining factor for the future workforce

Download now

"We think that the combination of humans and machines, the concept of human-machine teaming is probably the only way that we are going to achieve better accuracies, reduced timeframes for meantime detection, reduced meantime for remediation and reducing alert fatigue," said Leland.

Another factor affecting the effectiveness of a SOC program is the constraints on resources that businesses face. By freeing up tier 1 analysts, organisations can use their analyst's free time to explore opportunities to improve what those analysts are already doing, or do new things to benefit the business while the automated SOC works in the background.

The need for automation has never been greater for businesses and that's evidenced by the sheer number of events that trigger alerts in a SOC environment.

Advertisement
Advertisement - Article continues below

Leland said, on average, an enterprise of a significant size will be alerted to 3.2 billion events a month. 3,000 of these will require investigation and only 13 will be critically dangerous.

"How else would you find those 13 in 3.2 billion if you have a human bottleneck? Automation is the only way to achieve that."

Advertisement - Article continues below

Automation may be one of the industry's most feared buzzwords it threatens the jobs of many real people working in the industry but a rise in automation should instil fear in no-one, Leland claims.

"The idea behind robots replacing humans is probably something that we're not going to see in our lifetime," he said. "But what is more realistic is that we're going to build environments where humans and AI or computers work better together to create greater value."

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019