There was a bit of good news on the talent-gap front recently: some 65 percent of organizations now have a CISO (chief information security officer), versus 50 percent a year ago, according to the second installment of ISACA’s State of Cyber Security 2017. But findings from this and other recent surveys suggest that below the executive level, the gap between the demand for skilled cybersecurity workers and the available supply is acute, persistent, and having a negative impact on security effectiveness.
Not enough people – students, current workers, or others -- are gravitating toward a career in cybersecurity. The worldwide shortfall of cybersecurity professionals is expected to reach 1.8 million workers by 2022. In today’s market, employers continue to struggle to fill open cybersecurity positions; according to the earlier installment of the ISACA survey, 55 percent of all cybersecurity positions take three to six months to fill with a qualified candidate.
There’s concern not only about the supply of talent, but the capabilities of that talent as well. Fully 48 percent of the ISACA respondents were not comfortable with their security team’s ability to address anything beyond simple cybersecurity issues.
Meanwhile, the number and complexity of cyber attacks continues to grow. In the first six months of 2017, in the U.S. alone, the Identity Theft Resource Center has documented 758 new data breaches, resulting in the exposure of more than 11.8 million personal records.
How can organizations cope with the growing gulf between the cyber resources (including talent) they have, and what they need? Investing in a CISO is not a bad place to start, if it is accompanied by investments in the full life cycle of a strong cybersecurity workforce – from sourcing, to recruiting, to hiring, training, developing skills, assessing, and beyond. This requires time and money, but it’s essential, to keep pace with the ongoing threat.
Giving The Gift Of Time
Another strategy to address the gap can yield much quicker results: freeing up the valuable time of the cybersecurity professionals you already have, by automating.
If your IT and security professionals are like the vast majority of their peers, they are grappling with information overload. The nonstop torrent of information they receive, from a widening set of security solutions and data sources, about the configuration, performance, and behavior of their IT resources overwhelms their ability to process it.
If it’s not triaged and distilled, this flood of information can trap security analysts in reactive mode, where – as Observable CTO Patrick Crowley says – they “spend the vast majority of their time chasing down false positives.”
At its core, information overload is a problem because machines are generating huge volumes of log data, which is not suitable for consumption by humans (including security analysts). Endpoint modeling is a new class of security solution that enables automatic detection of security problems, wherever they may be lurking in the volumes of data confronting the analyst. It does so by consuming machine-generated log data, and producing alerts that are easily consumable by humans.
For every connected resource in an organization’s footprint – including networks, servers, devices, applications, data, and users – a specialized entity, the endpoint model, is created to track what is normal role and behavior. If any resource behaves in a way that deviates from the model, it can be seen in sharp relief to the model. When that happens, the endpoint-modeling solution provides near-real-time alerts, which enable the analyst to take fast, effective action to defend the IT environment.
By tackling information overload in this manner, endpoint modeling gives the IT/security professional a fighting chance of defending against potential threats. It also benefits your organization, by freeing up the finite time and energy of those professionals, and allowing them to accomplish more on other tasks. It’s an excellent way to cope with “the gap.”
Experience Endpoint Modeling On Your Own Network
Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.
Detect Threats Faster – Start Your Free, No-Risk Trial