Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday September 22 2017, @11:02AM   Printer-friendly
from the brought-to-you-by-Home-Depot,-Target,-and-Equifax dept.

I often talk about automation in my articles and it's a hot topic in general – a quick Google search reveals more than 100 million results for security automation. Given the global shortage of cybersecurity professionals, and the volume and velocity of increasingly sophisticated threats we all have to deal with, humans can't go it alone. Automation helps get more from the people you have – handling time-intensive manual tasks so they can focus on high-value, analytical activities. But the catch with automation is that it has to be applied at the right time in the security lifecycle in order to be effective.

You've likely heard the phrase: "dirty data in, dirty data out." Jumping to the end of the security lifecycle and using automation to take action – like automating playbooks and automatically sending the latest intelligence to your sensor grid (firewalls, IPS/IDS, routers, web and email security, endpoint, etc.) – can backfire. Without first aggregating, scoring and prioritizing intelligence you can actually exacerbate the dirty data problem.

[...] But with the sheer volume of threat data continuing to climb at a staggering rate, we need to start with the threat – automating how we gather, score and prioritize threat intelligence. Otherwise we're just amplifying the noise, wasting precious resources and hampering security – and that's the dirty secret.

Filter first, not last.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by Anonymous Coward on Friday September 22 2017, @12:35PM (7 children)

    by Anonymous Coward on Friday September 22 2017, @12:35PM (#571623)

    Fist line of TFA "The cyber security skills gap is known and documented, and empirically understood by all enterprise security leaders."

    Bahhhahhhaaaa!, oh wait your serious let me laugh even harder.

    Starting Score:    0  points
    Moderation   +4  
       Insightful=2, Touché=2, Total=4
    Extra 'Insightful' Modifier   0  

    Total Score:   4  
  • (Score: 1, Insightful) by Anonymous Coward on Friday September 22 2017, @04:11PM (5 children)

    by Anonymous Coward on Friday September 22 2017, @04:11PM (#571686)

    The best / worst part of management is how easily they tend to fall for such bullshit. Make up a whopping into like that, force them to internally agree or else they feel stupid for not knowing and reading the mentioned documentation. Then you can sell them any string of bullshit, their brain already gave up when it agreed to the first sentence!

    • (Score: 0) by Anonymous Coward on Friday September 22 2017, @04:34PM (4 children)

      by Anonymous Coward on Friday September 22 2017, @04:34PM (#571694)

      The3 thing I really don't get is why there is no recognition of the simple fact that to have information security you need people on staff that do that, I mean if your a mom and pop cornerstore you don't have the budget to maintain a staff of penetration testers, QA people and network, kernel and DB devs but if you are a multi billion dollar company and you can't through down a few million a year to test your own network in house you've already failed it's not like you need thousands or even hundreds of these people

      The user is the problem is true as far as it goes but it's a social problem that permeates most companies, it's why they can't hire good people (or keep them) it's basic human organizing if they want good security they would be better off hiring management from the local homeless population at least they know how to cooperate and organize to at least shot term goals, it's pathetic

      • (Score: 0) by Anonymous Coward on Friday September 22 2017, @09:25PM (3 children)

        by Anonymous Coward on Friday September 22 2017, @09:25PM (#571830)

        Time for a diet when you can't hit "e" without "3" ;)

        • (Score: 0) by Anonymous Coward on Saturday September 23 2017, @12:22AM (2 children)

          by Anonymous Coward on Saturday September 23 2017, @12:22AM (#571913)

          The very first word of the comment and he didn't catch it.
          Pitiful.
          ...and the Preview page is mandatory for ACs.

          ...then there's
          you can't through down

          .
          ...and the root AC did the Fist thing.[1]
          Again, the very first word of the comment.
          Again, pitiful.

          [1] I've done that several times, but I manage to catch it at Preview.

          -- OriginalOwner_ [soylentnews.org]

          • (Score: 1, Funny) by Anonymous Coward on Saturday September 23 2017, @02:50PM (1 child)

            by Anonymous Coward on Saturday September 23 2017, @02:50PM (#572112)

            One of the perks of being a registered user is that you can have the "Post Anonymously" checkbox ticked by default, and enjoy one-click AC posting -- never being forced to preview again. It's great for those of us with impecable speling!

            • (Score: 0) by Anonymous Coward on Saturday September 23 2017, @10:19PM

              by Anonymous Coward on Saturday September 23 2017, @10:19PM (#572178)

              On this topic, I've previous noted that spellcheckers are available gratis.
              I guess I'm doing that again here.

              Even when my spellchecker stumbles, Google usually provides good answers.
              In the 21st Century, I can't see any reason why a computer user should ever produce a misspelled word.

              a registered user [...] can have the "Post Anonymously" checkbox ticked

              Ah. Something I hadn't considered.
              Obviously, out of my experience.

              -- OriginalOwner_ [soylentnews.org]

  • (Score: 2) by DeathMonkey on Friday September 22 2017, @06:06PM

    by DeathMonkey (1380) on Friday September 22 2017, @06:06PM (#571724) Journal

    Just because that knowledge is completely ignored by everyone who matters doesn't mean it's not known!