Amid AI and Machine Learning, the Human Touch Remains Crucial to Cybersecurity in 2019, New Network Security Survey Finds

Share and earn Cybytes
Facebook Twitter LinkedIn Email

by Bricata

Amid the fervor over artificial intelligence (AI) and machine learning, it’s easy to lose sight of just how important human involvement is in cybersecurity, a new survey finds.

We know network security is complicated and becoming increasingly complex given a multitude of reasons including sophisticated attacks, the proliferation of IT infrastructure and changes stemming from IoT, cloud adoption and BYOD, among others. So, the Bricata team conducted a survey to ask cybersecurity professionals about the challenges and opportunities they face in network security.

The importance of a human touch stood out when respondents were asked where they think their security organization should focus its future efforts. On a weighted average, based on a five-point scale, the answers stacked up as follows:

Security analytics (4.20)Security integration (4.12)Behavioral analysis (4.07)Collaboration (4.0)Machine learning / AI (3.97)Threat hunting (3.88)Signature detection (3.33)

As you can see, collaboration is fittingly positioned in the middle of tools and processes like analytics and threat hunting. Collaboration is a distinctively human characteristic and it’s interesting to see it come out ahead of machine learning and artificial intelligence (AI) as an area of focus.

Here is a summary of key findings from the survey:

1) Top network security challenges are insider threats and complex IT.

A majority of respondents (64%) said network security is harder this year as compared to last year. When asked about network security challenges, insider threats (44%) and the complexity of IT infrastructure (42%) topped the list. These were followed by:

A lack of leadership support (40%);Security technology interoperability (37%);Shadow IT (31%);BYOD (26%);A deluge of security alerts (22%); andToo many tools (18%).

No single topic drew a majority. That fact only serves to underscore the diversity of problems facing network security which vary by industry, IT environment and perhaps organizational culture.

It’s also worth noting, in our assessment of the answers, “insider threats” are not necessarily people with malicious intent. This likely includes accidental incidents set off by well-intended users inside the network.

2) Integration of security tools is a growing problem. 

Most organizations used between 1 and 10 tools for the purpose of network security. This seems reasonable given other studies put the benchmark for the overall security organization – including endpoint security for example – at between 10 and 50 tools.

The real problem the survey uncovered isn’t necessarily the number of tools the organization is using, but the lack of integration among the tools they use. About one-third of respondents said their security tools were not integrated, while another 28% said these tools were just somewhat integrated. No respondents indicated cybersecurity tools in their environment were completely integrated.

When asked why, in an open-ended question, respondents pointed to a combination of causes including the absence of industry standards, competition among vendors, and poorly-conceived procurement choices.

We believe the problem has reached a critical mass and as a result, security integration will be increasingly mandatory among the list of requirements in the security acquisition process. Enterprises will start demanding that new cybersecurity tools adhere to open standards, open APIs and readily allow the security operations center (SOC) to share data as they deem fit.

3) The cybersecurity alert deluge struggle is real.

Most organizations get a deluge of alerts.

A little more than one-third (35%) of respondents say their organization gets 100 or fewer alerts per day, which doesn’t sound too bad, but that’s the minority. About one-quarter (26%) of respondents put that number at more than 1,000 with 10% of those seeing more than 10,000 alerts. All remaining respondents fell somewhere between 100 and 1,000 daily alerts.

These alerts require time to investigate. The vast majority (84%) say it takes five or more minutes to effectively triage an alert. This means an organization with 1,000 alerts – which is a modest example in this survey – would have to triage 12 alerts per hour, for nearly 3.5 days without pausing to get through all of these.

The problem is compounded by the fact more alerts pour in all the time and some require more time to vet properly. For example, 58% of respondents said alerts take double the investigation time – 11 or more minutes to triage. The vast majority (82%) say their organization spends too much time investigating alerts at least some of the time.

Much of this is caused by a high signal-to-noise ratio. Many alerts are false positives which overwhelm the resources security teams have at hand.

“A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.”

Some respondents candidly admitted they simply don’t investigate every alert, which risks a sophisticated threat slipping by in plain sight. It’s clear, a better means of prioritizing and triaging alerts is needed.

To read the entire survey results, please click here.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Bricata
Bricata is a cybersecurity solutions provider that combines a powerful network threat hunting platform into a comprehensive threat detection and prevention solution to help determine the true scope and severity threats. Bricata simplifies network threat hunting by identifying hidden threats using specifically designed hunting workflows that use detailed metadata provided clearly and eases your transition from the known to unknown malicious activities in conjunction with an advanced threat detection and prevention platform which detects zero-day malware conviction.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?