Bridging the cybersecurity skills gap with automation: a blueprint for federal agencies
By Paul Nguyen
Major security breaches in 2013 have raised the level of interest in cybersecurity to near fever-pitch. Such breaches shine a spotlight on a shared challenge in successful cybersecurity strategy implementation: the increased sophistication of cyber attacks and the shortage of skilled workers available to defend against them. But inside every challenge lies an opportunity, and the skills shortage in the cybersecurity industry provides the necessary impetus for government agencies that can’t afford to wait for a skilled workforce to catch up to current needs. Using state-of-the-art tools can enable agencies to pursue a more expansive strategy that includes technology and solutions that bridge the skills gap through security automation.
Skilled worker shortage
Cisco’s 2014 Annual Security Report points to a worldwide shortage of nearly one million skilled security professionals; other research reveals that some 25% of medium-to-large private concerns and 36% of government organizations claim to have a “problematic shortage” of IT and security skills. What’s more worrisome is that despite the acknowledged need for more skilled workers, the most recently released NIST Cybersecurity Framework does not address the shortage of qualified information security professionals, outside of the National Initiative on Cybersecurity Education, which encourages students to choose security-based curricula and careers but does nothing to meet the immediate need.
Meanwhile, the cyber attacks keep coming. In 2012, the U.S. saw a 400% uptick in mobile malware, a 42% increase in targeted cyber attacks, and a 300% rise in the number of data records compromised by a security breach. These dramatic increases reflect the dynamics of a digital economy. Technology is constantly changing and evolving, which means cyber attacks are constantly changing and evolving too. Attacks that come in looking like one piece of software code quickly mutate and adapt to the target environment, multiplying the number and types of attacks and proliferating at machine speed to expose weaknesses. The result? New vulnerabilities and attack vectors are continually discovered -- and security teams are continually playing catch-up. Add a security-literate labor shortage to such a landscape, and the outlook looks bleak indeed.
The Role of Automation
New security threats require new ways of thinking. Without access to the skilled workforce necessary to protect sensitive government networks from attack, agencies need to look to other sources of protection and defense. That’s where security automation comes in. Building automated and semi-automated courses of action that can be synchronized across a federal enterprise allows security professionals to effectively counter cyber attacks with coordinated and comprehensive defensive strategies.
Automation can help agencies in the early stages of network analysis by tapping into workflows and data directly from security information and event management (SIEM) tools and other enterprise-wide devices. By capturing such critical institutional knowledge, security automation can handle many tasks that security analysts previously performed manually. By automating or semi-automating existing workflows, agencies can reallocate resources to other, more urgent areas. Security analysts perform a critical function, but their non-critical tasks can be performed more effectively with automation solutions that enable them to focus on what’s important -- continuously secure enterprise operations.
New automation and orchestration technologies make such an approach both possible and practical. We know the gap between detection and response grows wider every day, and we know the speed, versatility, and frequency of attacks have reduced the effectiveness of traditional threat responses. Security automation can markedly reduce the current widespread dependence on manual intervention and passive defensive tools by allowing key resources to focus on threat analysis and containment, which are essential to keep complex large-scale systems and networks online. One agency that recently tested automation tools uncovered scenarios for increased efficiencies as part of the remediation of compromised VPN users. During the test, the time to support VPN helpdesk tickets dropped from an average of 40 minutes to fewer than two, which in a production environment could allow the agency to allocate its limited security resources to more strategic tasks. Given the current size of most agency security staff, the growing demands on that staff, and the shortage of available skilled workers, using automation tools strategically to augment security personnel delivers benefits beyond the immediate bottom-line boost.
After all, security automation does more than just bridge the skills gap. The enterprise-wide use of automation solutions means security administrators and analysts don’t have to distribute threat information to other administrators and analysts in order to act. And that means security teams no longer have to be held hostage by outmoded processes, hampered by red tape, bound by strict adherence to rules, or hindered by varying levels of competence, all of which stall effective and efficient response orchestration.
Smart automation deployment means fewer hands are required to accomplish everyday tasks; it also maximizes the effectiveness of security team members. While the rest of the market waits for the skills gap to shrink -- while students pursue STEM- and security-centric degrees and workers update their current skills with improved training and certification programs -- government agencies can roll out security automation tools to drive the next big evolution in cybersecurity risk management.
Paul Nguyen is president of global security solutions at CSG Invotas.