Our Director of Products, Jay Botelho, believes in the importance of automating aspects of network data collection to help security analysts find and resolve issues faster. He discusses this in more detail in an ITProPortal (UK) article.
You can find the full article here, but here’s an excerpt:
People are no longer surprised by data breaches. Many breaches are perpetrated by malicious actors. Others are the result of lapses in internal security protocols. The one common thread today is that every organization, whether it is a retailer, a healthcare provider, a financial institution or a government agency, is becoming more dependent on the network and its data. The traffic flowing across the network is what keeps the organization in business, so the data has enormous intrinsic value to the enterprise. Although breaches at companies like Yahoo have garnered a lot of attention recently, the sophisticated and automated tools used by hackers put every company, regardless of size, at serious risk of being hacked.
A primary reason for this weakness is that the volume of alerts has become so overwhelming that security teams typically only have the bandwidth to investigate a small percentage of the highest priority alerts each day. It’s very easy to find the bottleneck in this process; current security solutions typically require a disjointed, multi-step process that forces security analysts to manually correlate aggregated data from alerts with the corresponding network logs or traffic. Picture multiple screens and a lot of manual cross-checking, which is certainly not ideal when time is such a valuable commodity.
The key to improving security alert fatigue is automation.
The security industry sorely needs automated tools and processes that work in the background to collect suspicious network traffic, making it readily available to analysts whenever needed. By centralizing and automating much of this process, analysts have much more time to investigate alerts each day, which in turn greatly increases the likelihood that they will find and limit the impact of a breach.
Jay Botelho, Director of Products at Savvius