August 29, 2018
The cybersecurity talent shortage is only going to get worse until there is a massive effort to train millions of new cybersecurity professionals.
In the meantime, Optiv Security and Momentum Cyber have published a white paper that discusses the five key trends and technologies that could dramatically reduce the impact of the skills shortage by creating much greater efficiency in enterprise security programs.
The talent shortage is projected to hit 1.8 million jobs by 2022.
Optiv Security’s Todd Weber
Todd Weber, Optiv’s vice president of partner research and strategy, tells us that until “we start thinking of different ways to train people on a mass scale for cybersecurity, I don’t see that changing.”
“… How do we do things in elementary schools, to where we’re not trying to train up 1 million people, we’re training up 10 million people?” he said. “Get them exposed to cybersecurity at a very early age and then build that as part of the educational system.”
Worsening the problem is the increasing number of new security tools along with the proliferation of new cybersecurity companies, he said.
Optiv and Momentum identified the following trends and technologies to tackle the problem:
Machine learning: By strategically implementing machine learning to areas where it will save time and improve effectiveness, enterprises can eliminate wasteful triage processes that rely on analysts sifting through piles of data and alerts to find actual threats. Machine learning also provides organizations with intelligence to streamline workload and workflow processes.
Platform consolidation: Several security vendors have been building out security platforms through technology acquisition and new feature development. These integrated platforms provide interconnected functionality that allows consolidated management more efficient than managing disparate point tools.
Security integration: By integrating tools, organizations can dramatically speed up detection and response. For example, if an endpoint tool detects an infected laptop, it can trigger changes to firewalls to block the malware from communicating with its command-and-control host. However, while most tools have APIs for integration, they often are limited, so security pros should factor API quality into their buying decisions when procuring security tools.
Automation and orchestration: Security automation and orchestration accelerate the movement of data between tools for the purposes of threat prioritization, response amplification, labor reduction and consistent workflow.
Continuous security validation: Once these integration, consolidation and automation strategies are in place, enterprises must have systems to test that their security controls are properly configured over the course of time, even as network changes are made. Continuous security validation tools automate and speed the process of identifying misconfigured security tools and network devices.
“One or two of these five can make a large impact, it kind of depends on people’s maturity model and how much they’re willing to invest into those efficiencies,” Weber said. “Some of them are hard to avoid these days. Name a tool you can buy that doesn’t say machine learning or artificial intelligence (AI) on it somewhere? But that’s not really the question. What people should be asking is …
… not does it have ML, but what kinds of things can I do with it? How do I get outcomes out of this – meaning I’m looking at these large data sets – how do I get pattern recognition from these that I wouldn’t normally get as a human being? What sorts of outcomes can I pull from this?”
Partners can help organizations deal with the talent shortage in multiple ways, Weber said.
“We’ve already built many of these things and we’ve already done many of these things, and taken the trial and error component out of the mix, as well as how all these systems can be orchestrated,” he said. “Not all APIs are created equal. The amount and quality of the data you can pull or push differs tremendously, and the documentation of what you can do within those APIs varies incredibly. Customers trying to do that on a trial-and-error basis all by themselves can take a tremendous amount of time, and the whole crux of this is you’re trying to save time.”
The channel can “backfill” the shortage and then help an organization strategize on outsourcing large portions of its cybersecurity operations to larger companies that are fully staffed, “especially toward the SMB space, which traditionally had one or two people for security,” Weber said.
“How are they supposed to watch 24/7/365?” he said. “There [are] some things they can do to keep that, but it’s wholly inefficient to try to keep that level of rigor on their systems over a forever time period with one or two resources. So how can channel partners’ help through managed services?”
SafeBreach Rolls Out New Platform Upgrade
SafeBreach has unveiled a new platform upgrade that extends security data with new classes of simulations to validate security controls, additional board-level metrics to drive prioritization, and new integrations to speed the process of remediation.
SafeBreach’s Guy Bejerano
Already able to simulate more than 3,600 attack methods, these new additions expand simulations further across each stage of a malware attack. Guy Bejerano, SafeBreach’s CEO and co-founder, tells us the updates open up new opportunities for his company’s partners.
Here’s our most recent list of new products and services being offered by agents, VARs, MSPs and other channel partners.
“For example, with enhancements such as email and ransomware file-encryption simulations, our partners can now work with enterprise security teams to validate their email and behavioral-based endpoint security controls,” he said. “Our board-level risk metrics enable them to have strategic discussions with CISOs. And finally, our integration with Demisto’s automation and orchestration platform enables partners to offer the complete breach and attack simulation workflow — simulation, prioritization and remediation.”
Cyber Watch Systems, a Texas-based partner that provides security services, has established BreachWatch, an offering based on the SafeBreach platform, Bejerano said.
“We closed an opportunity within 25 days of launching this service,” Bejerano said. “There is a huge need by security teams today to proactively identify where they are protected and where they are not. Our platform approach and continued innovation such as with this product release deliver a huge advantage for all our partners.”
T-Mobile Data Breach a Lesson in Data Stewardship
Last week, T-Mobile announced a data breach that may have comprised the personal information of about 2 million customers. The company said no financial data, credit card information, social security numbers or passwords were involved in the breach, but hackers may have obtained …
… metadata such as customers’ names, billing zip codes, phone numbers, email addresses, account numbers and account types.
Alfresco’s Ankur Larola
Ankur Laroia, Alfresco Software‘s worldwide leader of strategy and corporate development, tells us this metadata is “still very important, and has to be protected and curated.”
“Hackers … likely will target people that are not prepaid, have good credit and are regular subscribers,” he said. “Malicious actors can start to profile these people. They also know where they live and they have their phone number. It’s not so much about how this has happened, but more about the implications of has happened. There’s no news around any sort of remediation they’re going to take.”
Data stewardship can be a very costly and damaging process if it’s not done correctly, Laroia said.
“Look at all the hacks that have happened … these are serious times that we live in, and data stewardship should be a part and parcel of any company that has data, not just on consumers, but also on their employees,” he said. “Now with the advent of the digital world that’s awash in data and metadata, it’s an obligation, not a nice-to-have, for companies to be good stewards of just data in general. It should be a normal part of business.”
A lot of the data hackers are going after is structured data that’s housed in data bases, Laroia said. But hackers now are increasingly pursuing data kept in file systems because it’s not as secure, he said.
“Only about 20 percent is actually stored in a database and the rest of it is typically stored here, there and everywhere, and the controls on that information is spotty at best,” he said.
Exabeam, Okta Deliver Identity Security Offering
Security information and event management (SIEM) company Exabeam has partnered with Okta on a joint identity-security solution designed to help security teams monitor and protect enterprises against credential-based threats.
Exabeam’s Chris Stewart
Exabeam has joined the Okta Integration Network. Okta’s identity platform helps security teams to detect and respond to user-based threats before they become critical.
Chris Stewart, Exabeam‘s senior director of business and corporate development, tells us the offering “opens the door to new revenue opportunities for our partners, merging what are often disparate budgets.”
“This enables channel partners to tap into the IT budget where access management and IT governance money typically come from to grow their projects, rather than just going to the security buyer,” he said. “This increases the level of sponsorship in an organization. For example, they can receive buy-in and support from the CIO as well as the CISO.”
Okta is a “strong market leader,” and Exabeam is recognized as a rapid-growth company in the SIEM space, Stewart said.
“We follow a similar philosophy of really getting to the root of the problem and solving it elegantly and efficiently in a variety of environments,” he said. “This gives partners the confidence to go into sales situations in any type of environment, including legacy, on premise, multi cloud and hybrid cloud, to showcase security in the next generation of IT networks.”
Read more about:Agents
About the Author(s)
You May Also Like