Changing Role Tier 1 SOC Analysts Should You Stop Hiring?


Introduction Much has been written about the death of the Tier 1 SOC analyst. To paraphrase Mark Twain, reports of that death are greatly exaggerated. A simple Glassdoor search yields 186 open positions posted in just the last month. Is one of your open roles on that list?

Recruiting Multiple Analysts Odds are you are recruiting for multiple security analysts at any given time, particularly at the entry level. This is largely due to a combination of attrition and growth in the volume of alerts coming in from your various security tools. To add insult to injury, if you're like most organizations, those jobs have probably been sitting unfilled for three months or more.

Time To Fill An Open Cyber Security/ Information Security Position

Why You Need Tier 1 Analysts Directing or managing a SOC is no easy task, especially when you're short on people to manage. Before you start thinking this is yet another diatribe on the cybersecurity skills shortage, we assure you, it's not. Rather, in this blog we will look at the role of the Tier 1 SOC analyst today and the part security orchestration and automation play in bringing about an evolution in the way SOC leaders think about these positions.

Would You Want This Job? The typical Tier 1 cybersecurity analyst job description reads a little something like this:
● Under general supervision, this role is responsible for monitoring networks for security events and alerts to potential/active threats, intrusions, and/or indicators of compromise, and responding to incidents at the Tier 1 level.
● Monitor security infrastructure and security alarm devices for indicators of compromise using cybersecurity tools, under 24/7 operations.

Security Analyst Role
● Direct response and resolution to security device alarm incidents and additional incident investigation as needed.
● Use cybersecurity analysis to generate security incident reports and document findings.
● Log details of Security Operations Center calls, including all events and actions taken, and track tickets to maintain workflow management. Document all events and actions.
● Determine the intent of malicious activity based on standard policies and guidelines, and escalate incidents needing further investigation to the next tier of incident response.

The Rise of the Machines Enter machine-driven solutions. Security orchestration and automation platforms are specifically designed to address many of the most prevalent security operations challenges.
Challenge 1: Too Many Alerts Most security operations teams get thousands of alerts per day and can only investigate and respond to a portion of them. On average, security operations teams leave 44% of alerts uninvestigated. Your Tier 1 analysts are the ones on the front line of this alert deluge, making them the ones most susceptible to alert fatigue and, ultimately, job burnout.

Contextual Alert Grouping Addressing alert overload is one of the biggest benefits security automation can bring to a SOC team. Data gathering is time-consuming, repetitive and highly detail oriented. It's perfectly suited to automation. Applied correctly, security automation tools can identify relevant, critical alerts in a fraction of the time, and more consistently than a human analyst working through a queue by hand. By employing an automation solution that identifies and groups related alerts (those sharing a host, user, file hash or destination within a short time window) into workable cases, you can redirect your analysts' time toward in-depth investigation, analysis, and incident response activities.

Challenge 2: Too Many Tools With a dozen or more security technologies to work across, your analysts spend much of their day switching from screen to screen just to gather the data they need. And mastering the ins and outs of managing and using a variety of tools creates a steep learning curve for new analysts. Security orchestration fundamentally changes the game for SOC analysts by creating a single, cohesive interface for managing disparate security tools. As with the automation of alert grouping, this puts more time back into the analysts' day for tasks that truly require human intervention.
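What contextual alert grouping (above) and a single view over disparate tools (Challenge 2) look like in practice, as an added example that is not code from these slides or from any vendor's platform: two constructed alert feeds in assumed vendor schemas (an EDR and a web proxy) are normalised into one alert shape, then merged into cases whenever two alerts share a pivot entity (host, user, file hash, URL) within a 30-minute window. The field names, the severity scales and the sample alerts are all assumptions made for the illustration.

```python
"""Contextual alert grouping across tools (added illustration, not from the slides).
Normalise alerts from two hypothetical tool schemas, then union alerts that share
a pivot entity inside a time window into one case an analyst works as a unit."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=30)   # assumption: alerts farther apart are not chained

# Constructed sample alerts; field names are assumed vendor schemas, not real ones.
SAMPLE_HASH = "ab" * 32          # placeholder SHA-256, not a real sample
EDR_ALERTS = [
    {"ts": "2024-03-01T09:00:10Z", "hostname": "WS-042", "user": "jdoe",
     "sha256": SAMPLE_HASH, "severity": "high", "title": "Suspicious PowerShell"},
    {"ts": "2024-03-01T09:10:00Z", "hostname": "WS-077", "user": "asmith",
     "sha256": SAMPLE_HASH, "severity": "medium", "title": "Unsigned binary executed"},
    {"ts": "2024-03-01T11:30:00Z", "hostname": "WS-042", "user": "jdoe",
     "sha256": None, "severity": "high", "title": "Credential dumping tool"},
]
PROXY_ALERTS = [
    {"time": "2024-03-01 09:02:35", "src_host": "WS-042", "sev": 7,
     "url": "http://198.51.100.7/gate.php", "msg": "Beacon-like periodic requests"},
    {"time": "2024-03-01 09:05:00", "src_host": "WS-099", "sev": 2,
     "url": "http://203.0.113.5/ads.js", "msg": "Newly registered domain"},
]

@dataclass(frozen=True)
class Alert:
    id: str
    tool: str
    ts: datetime
    severity: int          # normalised 1 (low) .. 4 (critical)
    title: str
    entities: frozenset    # {(kind, value)} pivots used for grouping

def from_edr(raw, n):
    ents = {("host", raw["hostname"]), ("user", raw["user"])}
    if raw["sha256"]:
        ents.add(("sha256", raw["sha256"]))
    sev = {"low": 1, "medium": 2, "high": 3, "critical": 4}[raw["severity"]]
    ts = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Alert(f"edr-{n}", "edr", ts, sev, raw["title"], frozenset(ents))

def from_proxy(raw, n):
    ents = {("host", raw["src_host"]), ("url", raw["url"])}
    s = raw["sev"]                       # assumed vendor scale 0..10, mapped to 1..4
    sev = 4 if s >= 9 else 3 if s >= 6 else 2 if s >= 3 else 1
    ts = datetime.strptime(raw["time"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return Alert(f"proxy-{n}", "proxy", ts, sev, raw["msg"], frozenset(ents))

def group_alerts(alerts, window=WINDOW):
    """Union-find over alerts: link an alert to the newest earlier alert that shares
    an entity within `window`. Links are transitive, so a long chain stays one case."""
    alerts = sorted(alerts, key=lambda a: a.ts)
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    last_seen = {}                       # entity -> index of newest alert carrying it
    for i, a in enumerate(alerts):
        for ent in a.entities:
            j = last_seen.get(ent)
            if j is not None and a.ts - alerts[j].ts <= window:
                parent[find(i)] = find(j)
            last_seen[ent] = i

    members = defaultdict(list)
    for i, a in enumerate(alerts):
        members[find(i)].append(a)
    cases = [build_case(v) for v in members.values()]
    return sorted(cases, key=lambda c: (-c["severity"], c["first_seen"]))

def build_case(alerts):
    """Summarise one group: worst severity, time span, tools involved, shared pivots."""
    alerts = sorted(alerts, key=lambda a: a.ts)
    return {
        "severity": max(a.severity for a in alerts),
        "first_seen": alerts[0].ts,
        "last_seen": alerts[-1].ts,
        "tools": sorted({a.tool for a in alerts}),
        "alert_ids": [a.id for a in alerts],
        "entities": sorted({e for a in alerts for e in a.entities}),
    }

def triage(edr_alerts, proxy_alerts):
    alerts = [from_edr(r, i) for i, r in enumerate(edr_alerts, 1)]
    alerts += [from_proxy(r, i) for i, r in enumerate(proxy_alerts, 1)]
    return group_alerts(alerts)

if __name__ == "__main__":
    cases = triage(EDR_ALERTS, PROXY_ALERTS)
    print(f"{len(EDR_ALERTS) + len(PROXY_ALERTS)} alerts -> {len(cases)} cases")
    for c in cases:
        print(c["severity"], c["alert_ids"], c["tools"])
```

On the constructed input, five alerts collapse to three cases: the PowerShell alert on WS-042, the proxy beacon from the same host two minutes later, and the unsigned binary on WS-077 carrying the same hash become one case spanning both tools, while the WS-042 alert two and a half hours later falls outside the window and stays separate. The window and the chaining rule are tuning decisions: a window that is too wide merges unrelated activity on busy shared hosts, and a window that is too narrow splits a slow intrusion into many cases.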

Challenge 3: Many Manual Processes Are your SOC workflows documented? Entry-level analysts frequently find it tough to get up to speed and become effective quickly when processes aren't formalized and executed consistently. Manual steps within each workflow, whether interacting with users, looking up files and hashes or adding new rules and signatures, only compound the issue by taking time away from higher value activities.

Conclusion Because much of what is traditionally associated with the role of a Tier 1 analyst can be addressed with security orchestration and automation, it's easy to see why some think these roles are on their way to being obsolete. Yes, it's true that much of what your average entry-level analyst is tasked with today can be completed faster and more efficiently through automation, but that doesn't mean you should give up your open reqs just yet. Instead, think about how to redefine your Tier 1 roles around the work automation cannot do: judging intent, investigating the cases that grouping and enrichment surface, and improving the playbooks themselves.