A new report from IDC, sponsored by Splunk, revealed the amount of pressure that security professionals are under. Not surprisingly, they are increasingly overwhelmed by the security threats to the infrastructure and data, and it is a struggle to keep up. For instance, less than half (47 percent) of security teams gather enough information about those incidents to enable appropriate or decisive action. Firms experience an average of 40 actionable incidents per week, but only a quarter (27 percent) think they are coping comfortably with this workload, and a third (33 percent) describe themselves as “struggling” or “constantly firefighting.”
In response to the report’s findings, Mike Patterson, CEO of Plixer, told me in an email comment:
Despite investments into the most sophisticated threat detection systems, the volume of alarm triggers is a tsunami that most IT teams can’t swim through. Security teams are already overburdened with investigations and struggle to keep up with sleuthing every odd behavior pattern. This is why investigations need to take place quickly and include the contextual details that require cross-system integration.
This report brought to mind the keynote speaker from Enfuse 2017, Theresa Payton. Payton served as the first female CIO in the White House, under George W. Bush, is currently president and CEO of Fortalice Solutions, and is a Command Center Investigator on the TV show Hunted. This is a woman who understands overwhelming security threats and what it is like to try to cope with all of the triggers and incidents in an ever-changing threat landscape.
So how did she cope? Part of it returns to the same talking point I’ve been hearing for months – it all goes back to the people interacting with your networks. People are busy. They are multi-tasking. They are working on six-inch screens. They aren’t paying close attention.
Involving employees in security planning and prevention can go a long way in relieving some of the stress security professionals are feeling. Payton said when she was working in the White House, she would do regular walk-abouts. She would talk to people who had access to sensitive government data and ask them what they were doing and what their issues and concerns were. One thing she was told was that when the staff traveled with the president, they didn’t have access to the information that was on their computers, so they’d print out screenshots. This created serious security problems because it meant a loss of control over the data. When the data was on the network, it could be monitored and secured, but in printed form? Who knows what could happen or who could gain access to it?
Payton was able to derive a fix for that issue, but her point is that every company has ways that they put data at risk without realizing it. Regular conversations with employees, asking them what they are doing in their regular routines, and understanding how exactly they access and use information can go a long way in creating a security system to fix the problems.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba