ESG just published a new research report titled, Cybersecurity Analytics and Operations in Transition, based on a survey of 412 cybersecurity and IT professionals working at large mid-market (i.e. 500 to 999 employees) and enterprise (i.e. more than 1,000 employees) organizations in North America and Western Europe. (Note: I am an ESG employee).
The data is quite interesting to say the least, so look for lots of blogs from me over the next few weeks on a myriad of security operations topics we covered in this project. Furthermore, my esteemed colleague Doug Cahill and I are hosting a webinar on the topic this Wednesday, July 19. Feel free to attend.
When I do end user research on cybersecurity topics, I usually ask respondents a basic question: How are things today compared to two years ago? This research project was no exception, and as it turns out, 27 percent of survey respondents say cybersecurity analytics and operations is much more difficult than two years ago, while another 45 percent say cybersecurity analytics and operations is somewhat more difficult today than two years ago.
Review of this articleThis article gives 4 major problems in infrastructure security in 2017. Here are 2 possible answers to these problems.
The need for automationAutomation is, indeed, the key point of a good infrastructure security.
You must keep in mind that you are not so many to maintain the system than the ones who will try to break it. Automation is here to restore the balance a little bit.
An automated audit for security does not have any bias a human mind has. When you develop a solution and know there is a problem in a part of the code you will have a tendency to avoid it to keep positive tests (a confirmation bias), an automated system will not. It will test it and break, revealing the problem.
ComplianceCompliance to security and industry standards is a need to grow a company or brand. It is, also, a cost saver.
In matter of security, it is always important to respect the Linus Law and the second Kerchkoffs' principle.
If you try to reinvent the wheel or create your own standard you are the only one to know how to maintain it, you must be a genius to be more productive than thousands of hackers who will try to find flaws. If you want to hire someone, his background experience is useless, he has to learn everything. So, it doesn't keep up with security and productivity.