The COVID-19 Crisis's Impact on Security Operations: Automation Comes to the Fore – Security Boulevard

We're living through historic times. The current crisis will almost certainly serve as a catalyst for numerous long-term changes in our communities, altering the ways we work, play, socialize, use technology, and benefit from automation.

The global pandemic exposes how many of the things that make us human (our need to be in close proximity with others, our susceptibility to illness, our tendencies towards bias and inconsistent behavior) make our organizations profoundly vulnerable, a weakness that readily extends to the concept of the security operations center (SOC). With so many organizations forced to adapt to remote work (regardless of whether they're well- or ill-prepared, and whether or not it suits their business model), the advantages of employing automation to accomplish tasks for which people aren't well-suited are being revealed anew.

In the SOC's case, turning to automation to perform the most tedious, difficult, and unrewarding portions of the security operations workflow has long carried the benefits of improving analyst job satisfaction and effectiveness, but today it may also be able to reduce the health risks that security analysts face on the job.

Recent research on COVID-19 transmission indicates that in the majority of cases, the virus spreads from host to host via respiratory droplets: tiny amounts of fluid from inside the nose or mouth of an infected person that are released into the environment when they breathe, talk, yell, sing, sneeze or cough. The respiratory droplets that carry the largest number of viral particles are those that are biggest and heaviest, and thus are likely to fall to the ground within a narrow radius of the infected person. This is where the magical social distance of six feet originated; the idea is that the heaviest of these droplets seldom make it more than six feet.

As epidemiologists remind us, however, it's not simply the case that contact with a minute amount of the virus is enough to trigger infection. Instead, you need to encounter an adequate number of viral particles. Scientists aren't yet sure exactly what constitutes an infectious dose of COVID-19, but they do know that the longer you spend in the presence of someone who has the virus, the more likely you are to become infected. They also know that certain activities, like singing, seem to make transmission more likely, as do certain environments, particularly confined indoor spaces with poor airflow.

When considered from this perspective, the SOC is a nightmare. Most security operations centers were designed for physical security, which means limiting accessibility, not improving airflow. Most are interior spaces without windows, with ceilings made of solid material (no drop ceilings), and limited ventilation. Showcase SOCs with large-panel visual displays taking up entire walls of the facility and multiple desks amply stocked with monitors are rare outside of the world's very largest (and most security-focused) enterprises. Instead, most real-world SOCs are in tiny, tightly enclosed spaces.

What's more, the work performed in the SOC demands close collaboration. Analysts frequently consult their colleagues when performing research, evaluating risks, or assessing the best means of dealing with a threat. A security analyst's job involves creativity, critical thinking, and decision-making, things that can be improved when they're discussed with peers or more senior coworkers. Shifts are long, so ordinary SOC operations involve bringing people into close proximity with one another for extended periods of time.

In ordinary circumstances, SOC operations are not readily amenable to the remote work model. In SecOps, speed is vital to success, and collaboration takes place much faster when people converse face-to-face than when they're using video conferencing software or other collaboration tools to share their ideas.

Although security operations in general requires extensive collaboration between analysts, in no role is this more critical than that of the Tier 1 Analyst. As the most junior members of the security operations team, Tier 1 Analysts must engage in a great deal of on-the-job training, including numerous whiteboarding sessions. They're also encouraged to consult with more senior co-workers regularly while they learn more about the nuances of the role.

For all security analysts, there are benefits to in-person interactions; for Tier 1 Analysts, it's difficult to do the job without them. More senior analysts are able to make more decisions independently and need less face-to-face contact for education and training.

When an intelligent automated decision engine like that of the Respond Analyst is called in to perform cybersecurity monitoring, security operations programs are able to shift the composition of their teams, employing more Tier 2 and Tier 3 security analysts, and relying on software to perform the bulk of Tier 1 analysts' functions. No matter the circumstances, this has the potential to make the security analyst role more fulfilling and rewarding, increasing job satisfaction and reducing turnover. It will also increase teams' effectiveness and efficiency, enabling them to review far more events than would ever be possible manually.

But today, in the face of a global pandemic that's far from over, introducing automation into the security operations workflow comes with one additional benefit: by reducing the number of personnel needed to staff the SOC, and particularly the number of Tier 1 analysts, it can lessen the health risks of working in security operations, and thus save lives.

There's no way around it: SOCs cannot easily be remade so that they're amenable to social distancing. And the activities performed within them remain critical for mitigating organizational risks, risks that may only be amplified as many companies navigate a rapid transition to remote work. Even senior security analysts are able to work more quickly and effectively in person than they can when telecommuting.

Implementing intelligent automated solutions like the Respond Analyst doesn't solve all the problems in security operations. Nor does it remove all the risks that come with working in a SOC during a global pandemic. But it does point the way forward to a new paradigm. In the future, automation can be called upon to perform many of the repetitive and mundane tasks that are done by humans today. This will not only save time, money, and frustration for workers, but it will also remove significant vulnerabilities from our operational processes and supply chains.

The post The COVID-19 Crisis's Impact on Security Operations: Automation Comes to the Fore appeared first on Respond Software.

*** This is a Security Bloggers Network syndicated blog from Blog Respond Software authored by Chris Triolo. Read the original post at: https://respond-software.com/covid-19-impact-on-secops-automation/
