Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
In 2023, DIR Approaches will Help Enterprises Solve Cybersecurity Woes
By Brian Foster, Chief Product Officer at ReliaQuest
Predictions are an interesting concept. Of course there are easy predictions, like ransomware is going to continue to be a security threat. That's a no-brainer. It's going to continue to be the norm and one of the number one things that organizations need to resolve. Along those lines, I think it's safe to say that ransomware for hire and ransomware as a service (RaaS) will continue as well.
Another safe bet is that the biggest threat in the enterprise is going to continue to be email. It's people-based and employees are going to open those emails and click on links. An organization's ability to detect and respond to phishing and malicious emails is going to continue to be one of the number one challenges and threats in 2023.
Skills Shortage Leads to Technology Challenges
Now for a slightly more thought-provoking prediction: Security Operations (SecOps) Platforms to scale detection, investigation and response (DIR) processes will be the lifeline for SOC teams. There's an obvious skill shortage in cybersecurity; we all know this. But it's not a shortage of people willing to work in cybersecurity. It's that they just don't know how and don't have the skills necessary. We also know that there is an uptick in cyberattacks aimed at today's enterprise, and credential/identity theft is at the heart of the matter. Cybercriminals will stop at nothing to compromise their targets.
That's why organizations need to have robust DIR capabilities. Utilizing a SecOps Platform with the right expertise is the answer here. At ReliaQuest, we've seen dramatic improvements in our SOC by doing just that. In a year's time, we've seen a 110% improvement in visibility, a 91% improvement in threat detection coverage and a 58% decrease in alert triage and response times.
Understandably, the skill shortage could make it hard for enterprises to use an on-premises SecOps Platform. That relates to perhaps another prediction, which is that enterprises are going to continue to need help detecting, investigating and responding to cyberattacks. They don't currently have the resources or trained personnel and they're going to look for a third-party partner to help them with not only the technology, but expert services and expert help as well.
Looking Ahead
How do these third parties detect, investigate and respond to threats so quickly? It's going to come down to automation to help an organization come out ahead after a potential attack. If I were a betting man, I would say that the part of the process that needs to be automated most is the investigation stage; that's where most of a security operations team's time is spent trying to determine if something 'bad' did in fact happen in the first place.
Let's say you get 500 tickets a week in your SOC that need 'investigating.' That's potentially a lot of manpower to go through each one individually. If you have a built-in automation system that automatically handles the investigation part of the transaction, then the process can potentially be cut from hours per investigation to minutes. Then, your team can focus on the response. In all honesty, it's not too difficult to respond to an incident once you figure out one actually occurred. Responding and handling the situation is obviously the priority, and automation is one of the key ways to get there.
There's an obvious people and skills issue. The solution in this case is technology-based, in the form of a SecOps Platform with the right expertise.
ABOUT THE AUTHOR
With more than 30 years of experience leading high-performance teams across information security brands, Brian Foster is responsible for overseeing all areas of the company’s product management, including product design and user experience. He currently serves as a strategic advisor to Awingu, a provider of unified workspace software. Prior to joining ReliaQuest, Foster was Chief Product Officer at MobileIron, where he helped reposition the company to focus on Zero Trust. He also founded a startup in the identity management space and held various senior product leadership roles with Neustar, Damballa, McAfee and Symantec.