We all know the next big IT shift towards AI and intelligent automation is on the horizon. Over the last few years, vendors and press have focused on the human-to-machine automation transformation. Many vendors promise solutions—but often those solutions are complex and not optimized for the channel.
The good news is that cybersecurity is primed and ready for automation now. But the question for Partners remains: How can VARs, Integrators, and MSSPs find the right solution that provides true human-to-machine technology to simplify life for their customers?
Here are 3 cybersecurity trends driving the industry towards automation and 1 simple recommendation that Channel Partners can leverage to get ahead of the game immediately:
Trend 1: Traditional console monitoring is ineffective
Security teams are spending too much time monitoring alerts that provide little value for the effort. Sifting through endless alerts with a high percentage of false positives is ineffective at best. It is burning out analysts and putting us in a continuous cycle of hiring and training new ones. The analysts interviewed for the Voice of the Analyst (VOA) Survey help inform us where analyst time is better spent and which activities we should automate first. Automating workflow to increase analyst efficiency is important, but automating level 1 alert monitoring itself? That's downright disruptive.
Cyentia Institute: Voice of the Analyst Survey, October 2017
Figure 1: We asked analysts to score their daily activities on a number of dimensions. One key finding is that analysts spend the most time monitoring, but it provides low value in finding malicious and actionable security threats.
Trend 2: People shortage
Most security teams don't complain about a lack of tools. They complain about a lack of people. Whether the budget won't allow it or skilled people are in too much demand to find (or retain), we've reached a point where demand has outstripped supply. What choice do we have? Leverage the power of machines to augment our security teams. This is finally possible with the advent of decision-automation tools that can off-load the task of console monitoring.
Bitdefender: CISOs’ Toughest Dilemma: Prevention Is Faulty, yet Investigation Is a Burden, April 2018
Figure 2. People shortage is a significant trend in our industry, forcing us to re-think how we'll actively monitor our environments.
Trend 3: Too many tools
"Too many tools" is a regular complaint in organizations. Did you know most large organizations have on average 75+ security tools? Small organizations are not far behind. It's all we can do to deploy and maintain these necessary security tools, let alone review the endless alerts they generate. What's even more challenging is the industry trend toward platform-based tools (e.g. SIEM or SOAR) that require engineering resources with the expertise to build and maintain platform content such as correlation rules and playbooks. Many organizations are overwhelmed by this task. In contrast, tools with expertise built in (intelligent applications, if you will) are what's needed, and they will change the way we think about platforms going forward.
Momentum Cyber February 2017 CYBERscape
Figure 3. Most organizations have dozens of tools to deploy and maintain.
An industry transformation is underway: Automation will disrupt the way cybersecurity is performed
We think 2019 will be the year of automation for cybersecurity. Customers will require automation to address the top 3 trends. They need to scale with the growing number of alerts and the increased complexity of monitoring today's hybrid environments. Adding more people is not the answer. Finding ways to automate to off-load cumbersome tasks typically performed by humans is the answer.
This presents exciting new revenue opportunities for Channel Partners and also explains why we are experiencing increased momentum with VARs, Integrators, and even MSSPs. Respond Software is at the forefront of the industry transformation, applying machines to roles traditionally executed by humans.
One simple recommendation to gain a competitive advantage: the Respond Analyst
The Respond Analyst software is a scalable, plug-and-play “virtual analyst” that perfectly complements any security detection tool sale: Channel partners can increase revenue by providing both the tools and the Respond Analyst to monitor them.
This provides a unique selling opportunity for our Partners. Partnering with Respond Software gives customers, especially mid-size enterprises ($50M-$1Bil revenue), simple solutions with fast results. Partners can also take advantage of recurring revenue, fast installations, and the potential to increase opportunities to sell more sensors.
To all of our potential partners: Please reach out if you're interested in learning more about our solution and our partner program by registering at our partner page. Here's an opportunity to bring new value to your customers and join us on our journey to bring automated security monitoring to the world.
For more information, read the Global Channel Partner Program Press Release
Chris’ security expertise includes building world-class Professional Services organizations as VP of Professional Services at ForeScout and global VP of Professional Services and Support for HP Software Enterprise Security Products. Chris’ depth in Security Operations and leadership includes a long tenure at Northrop Grumman TASC supporting various Department of Defense and government customers.

View all posts by Chris Triolo