Check out all the on-demand sessions from the Intelligent Security Summit here.
The labor challenges afflicting cybersecurity teams far and wide are no secret. A razor-tight hiring market coupled with surging demand and an accelerating threat landscape has created a perfect storm of complexity, resulting in a widening skills gap that is driving higher levels of burnout and human error across the sector. In fact, Verizon’s independently commissioned 2022 Data Breach Investigations Report found that 82% of breaches today involve some degree of human error. Whether it’s an unsuspecting end user or a bleary-eyed analyst, the vulnerabilities caused by cognitive overload shouldn’t be overlooked.
Take the recent high-profile Uber data breach. A malicious actor, posing as an internal IT administrator, used digital collaboration channels to trick an Uber employee into giving up their VPN credentials, leading to a total compromise of the rideshare giant’s network infrastructure. The breach exemplified the consequences of a social engineering attack targeting the always-on hybrid workforce. And with the rate of such attacks accelerating in volume and velocity, it’s clear that more visibility of these threats is needed for security teams to effectively remediate them.
Many organizations are investing in a plethora of new, best-in-class security products in response to staffing shortages. However, reactive patchwork spending on the industry’s latest niche products shouldn’t be viewed as the answer, as the tool sprawl often creates additional complexity that hurts organizations more than it helps. Enterprises, on average, have 60 to 80 different security monitoring tools in their portfolio, many of which go unused, underutilized or forgotten. Forcing security teams to master a myriad of tools, consoles and workflows shifts priorities from managing risk to managing technology.
An integrated cybersecurity framework
The companies best positioned to offset cybersecurity’s labor challenges are those adopting best-of-breed security tools and platforms that offer a deep library of API and third-party integrations. Above all, an integrated framework empowers organizations to effectively navigate their unique environments by consolidating tools and reducing human error through the following three processes:
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
- Improved protection via security intelligence and threat sharing: This enables rapid recognition and response to incoming threats via machine learning analytics tools, strengthening a human analyst’s ability to formulate swift and comprehensive cyberdefense measures.
- Improved efficiency via automation: This enables offloading of repetitive and mundane manual tasks to AI-enabled tools, streamlining human workflows by accelerating and improving key facets of incident response and vulnerability management.
- Improved prevention via sharing and consolidating tool data: This enables complete, real-time visibility into an organization’s entire security environment to promote the creation of targeted alerts that uncover unknown threats.
In collaborating with a wider range of security vendors, organizations leveraging API integrations benefit from the combined knowledge of all integrated platforms to greatly improve overall security posture. The extensive access to timely threat intelligence allows security teams to align prevention, investigation and response plans across multiple security controls, as well as increase the speed of their detection and remediation efforts.
Amid the widespread adoption of cloud-based hybrid work environments, it’s increasingly clear that organizational security architectures must consist of scalable, tightly integrated solutions that combine the right balance of automated prevention, detection and response capabilities to effectively protect data across its lifecycle.
Enhancing detection and increasing cybersecurity efficacy
An open API integration framework is the embodiment of unlocking strength in numbers. It stitches together the critical functions and processes performed by foundational security tools — email security, endpoint security, web security, NDR, data security — into a single meshed framework that operates in unison and shares centralized threat intelligence data across its ecosystem. By connecting all the pieces of the puzzle, organizations gain the resources to enhance their prevention and detection capabilities in complex environments.
In one scenario, an API framework could enable automated processes to continuously flow between an email gateway and security service edge (SSE) to corresponding SIEM/XDR systems. This would allow security teams to share rich logging, metadata, indicators of compromise, malicious URLs, user activity, data movement and machine learning analytics in real time. The AI-powered SIEM platform automates the analysis of that threat data, sifting through the noise to generate actionable alerts with contextual information for security teams. Meanwhile, the real-time contextual insights provide simplified guidance for analysts to alleviate potential threats and, if needed, formulate a swift response to an attack.
With access to a wider range of threat data touchpoints, cybersecurity teams can also create customized scripts within the overarching API library. This gives them “targeted capabilities” that more directly align with their specific needs and skillsets. For instance, the team could create a script that simultaneously analyzes email security logs from Vendor A, data protection logs from Vendor B, web security click logs from Vendor C, and spam filter logs from Vendor D, based on which intel is most relevant to their specific use case. Filtering the exceedingly high volumes of incoming alerts enhances the efficiency of the entire team, empowering analysts to identify needles in the haystack by prioritizing the right alerts at the right times for maximized protection.
Automating manual processes and workflows
Despite the growing number of innovative, best-in-class products available on the market today, it’s important to remember that a multi-vector social engineering attack is exceedingly difficult for hybrid security teams to combat regardless of the tools in their stack. Quick and agile responses are non-negotiable in these situations, but with resources stretched thin and employees working from multiple locations, executing swift corrective action free of human error is easier said than done. Even the most experienced and skilled security teams are susceptible to mistakes while trying to remediate an attack. Therefore, identifying how to automate well-defined processes wherever possible is imperative for tightening these response durations and ensuring security teams can remediate quickly and effectively.
With access to an open API library, organizations can integrate the capabilities of additional AI/ML security tools into their existing security architecture to automate the repetitive steps of protection, detection, response, mitigation and intelligence sharing. Whether it’s informing an endpoint security provider of an emerging alert, or securely moving data from one storage solution to another, API-driven automation can handle the routine, error-prone tasks cybersecurity teams perform every day. Streamlining these otherwise human-centric workflows allows overstretched analysts to instead focus on more critical threat assessments requiring extensive time and attention. That, on a macro level, strengthens the security posture of the greater organization.
There’s no magic bullet that will completely reverse cybersecurity’s labor challenges in the immediate future. But there are proactive steps organizations can take now to provide the critical support their security teams need today. For effectively navigating a complex threat landscape, there’s no better place to start than with the applied adoption of a deep API integration framework.
After all, cybersecurity is a team sport. Why defend alone when you can defend together?
Joseph Tibbetts is senior director for tech alliances and API at Mimecast.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!