Intelligence and the cyber skills gap

A skills shortage leaves organisations vulnerable to threats that can linger and persist without the organisation’s knowledge


Automation through analytics is the key to closing the security skills gap

Effective detection and response to cyber threats begins with an adequate supply of skilled security personnel, yet according to the (ISC)² workforce study, more than 1.8 million cyber security positions will be unfilled worldwide by 2022.¹

That shortfall leaves organisations exposed to intrusions that can persist for months without the organisation's knowledge.

Attackers are only too ready to exploit this skills gap by developing new ways to evade the controls an understaffed team relies on. One current technique is to carry command-and-control and exfiltration traffic inside TLS so that it blends into the large volume of legitimately encrypted corporate traffic; unless the team can inspect the decrypted traffic or analyse its metadata (destinations, certificates, volumes and timing), the attack looks like normal browsing.

Another increasingly prevalent tactic is file-less malware, which runs in memory, often through a legitimate interpreter such as PowerShell or a script engine, and writes nothing to the file system. Because there is no file on disk to scan, signature-based anti-malware tools rarely see it; detecting it requires memory inspection, script and command-line logging, or behavioural telemetry from the endpoint.

One way to close the gap is automation. Analytics and machine learning help security teams connect the dots between seemingly unrelated events and supply the context, visibility and actionable guidance that a small team cannot produce by hand. However, while most organisations using security analytics report better visibility into events, they still need far more integration and automation across their systems to realise the full value of intelligence and analytics.

The automation challenge

The typical security operations centre (SOC) relies heavily on intrusion detection systems (IDS) and logs, plus manual processes for analysis and security metrics. According to the SANS 2017 SOC survey,² most SOCs are expected to cover prevention, detection, response, remediation, vulnerability management and compliance, often with only two to five full-time SOC staff.

This poses several challenges:

Lack of visibility beyond logs

Logs record only what an application chose to write. Visibility into network packet data, for example, is what reveals the movement of sensitive data out of the network or a command-and-control channel that no log entry describes.

Lack of scalable tools and searching across multiple platforms

In a typical SOC, analysts do not have time to pivot between consoles. Few tools can query all the relevant platforms at once and return results quickly. What is needed is a single platform that avoids logging in and out of different systems for every question.

Pressure to respond in real time to attacks in progress

Analysing logs after the fact is a reactive way of establishing the impact of a possible breach. There is simply too much data for a small SOC team to sift through quickly enough to identify threat patterns it can address and remediate while the attack is still in progress.

Manual correlation limits

Manually collating and charting log data is tedious, and there are limits to how much of it a team can work through by hand when it must decide whether incoming alerts are real threats, act on the ones that are, and repair the vulnerabilities they exploited.

Integrating workflows and automation with analytics

Fundamentally, analytics and machine learning are mathematical techniques: they discover patterns, find connections in the data and extract from the pooled data the information needed to decide what action, if any, should be taken.

Workflows make the decision-making process dependable and repeatable. During a security incident, an automated workflow removes the panic factor analysts experience when they are flooded with security-related data, because the next step is already defined.

Using workflows and automated analytics, companies can move their security environment from reactive to proactive. There are several practical ways analytics and intelligence-driven security can improve the speed of detection and response:

● IDS alert reviews that are event-driven rather than log-driven, grouping the multiple actions that together represent a single event.

● Automatic patching and updating of affected systems as part of vulnerability management, once vulnerability data is fed into the workflow.

● Better attack prevention by continuously monitoring for vulnerabilities and, once a new threat action is identified, automatically blocking it and every future instance of the same behaviour.

● Automatic correlation of security and operational data, using machine learning to separate known, approved behaviour from unknown and unapproved behaviour with greater accuracy.

● Automatic drill-down from a chart or link into a single view for detection and response, even when the underlying data comes from numerous disparate tools.

● Automatic filtering to the data that matters during an incident, saving the time otherwise spent searching through threats that do not.
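As an added example (not code from the original article or from Singtel), the Python script below shows the "connect the dots" step of the first, fourth and last bullets in miniature: it parses constructed log lines from three assumed sources (IDS, web proxy, endpoint telemetry), groups them per host inside a five-minute window, scores each cluster by how many independent sensors fired, and assigns a workflow action. The source names, field layout, alert text, weights and threshold are all assumptions made for illustration.

```python
"""Correlate disparate SOC telemetry into per-host incidents.

Added example, not from the original article. The log lines, source
names, field layout, weights and threshold are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry. Format: source|timestamp|host|detail
RAW_EVENTS = """\
ids|2024-03-01T10:00:05|ws-042|Suspicious TLS connection to rarely seen domain
proxy|2024-03-01T10:00:07|ws-042|CONNECT 203.0.113.50:443 bytes_out=482113
edr|2024-03-01T10:00:09|ws-042|powershell.exe -enc JABjAGwAaQBlAG4AdAA=
ids|2024-03-01T10:02:00|srv-db01|Port scan from internal address
proxy|2024-03-01T13:30:00|ws-017|CONNECT updates.example.net:443 bytes_out=1200
edr|2024-03-01T10:00:11|ws-042|rundll32.exe loaded from memory, parent powershell.exe
ids|2024-03-01T10:31:00|ws-042|Outbound SSH to non-standard port
"""

# Assumed weights: independent sensors agreeing on one host inside one
# window is worth more than any single alert.
SOURCE_WEIGHT = {"ids": 2, "proxy": 1, "edr": 3}
WINDOW = timedelta(minutes=5)
ESCALATE_AT = 5  # assumed threshold for escalating a cluster


def parse_events(text):
    """Turn the pipe-separated lines into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        source, ts, host, detail = line.split("|", 3)
        events.append({"source": source, "ts": datetime.fromisoformat(ts),
                       "host": host, "detail": detail})
    return sorted(events, key=lambda e: e["ts"])


def _summarise(host, cluster):
    """Score one per-host cluster and pick a workflow action."""
    sources = sorted({e["source"] for e in cluster})
    score = sum(SOURCE_WEIGHT[e["source"]] for e in cluster)
    if len(sources) >= 2:          # several sensors agree: double the score
        score *= 2
    if score >= ESCALATE_AT and len(sources) >= 2:
        action = "open_incident_and_isolate"
    elif score >= ESCALATE_AT:
        action = "analyst_review"
    else:
        action = "log_for_hunting"  # low-weight, single-sensor: keep, don't page
    return {"host": host, "start": cluster[0]["ts"], "end": cluster[-1]["ts"],
            "sources": sources, "events": len(cluster), "score": score,
            "action": action}


def correlate(events, window=WINDOW):
    """Group events by host into clusters no wider than `window`.

    Returns incidents sorted by descending score, so the analyst's
    single view starts with the cluster that matters most."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        cluster = []
        for e in evs:
            if cluster and e["ts"] - cluster[0]["ts"] > window:
                incidents.append(_summarise(host, cluster))
                cluster = []
            cluster.append(e)
        if cluster:
            incidents.append(_summarise(host, cluster))
    return sorted(incidents, key=lambda i: -i["score"])


def triage(text=RAW_EVENTS):
    """Parse and correlate the constructed sample in one call."""
    return correlate(parse_events(text))


if __name__ == "__main__":
    for inc in triage():
        print(f"{inc['host']:8} {inc['action']:26} score={inc['score']:2} "
              f"sources={','.join(inc['sources'])} events={inc['events']}")
```

On the sample, the four ws-042 events between 10:00:05 and 10:00:11 collapse into one incident with all three sources present, while the lone port-scan alert on srv-db01 and the ordinary proxy CONNECT on ws-017 are kept for hunting rather than paged out. In a real workflow the "isolate" action should still pass through an approval step where a false positive would take a production system offline; the point of the automation is to have the evidence assembled before a human is asked to decide.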

Closing the gap

Advances in using analytics to automate security functions across the network have clearly increased visibility and cut reaction times to emerging threats, while helping to close the skills gap in many SOC environments.

Automation through analytics and machine learning reduces the load on security personnel who must make sense of a continuous flood of disparate data, while keeping the response to imminent threats quick and effective.

Shifting to automation helps bridge the skills shortage by saving time for understaffed security departments and by extracting the relevant threat data to add further layers of defence, including a single-pane view and automated behavioural analysis of potential actors in the network.

The net effect is to free security practitioners to focus on other important tasks such as risk management, security governance and threat hunting. With this approach, organisations can move to a proactive security framework, effectively plugging the cyber skills gap with continuous monitoring, automated workflows and better-informed incident response and threat hunting.

For more information on how automation can help your cyber security team, please email g-security@singtel.com.


¹ (ISC)² Global Information Security Workforce Study, 2017

² Future SOC: SANS 2017 Security Operations Center Survey, May 2017
