Cybersecurity threats are hitting organizations more frequently and from more directions than ever before. Unfortunately, enterprise security teams aren’t growing as quickly as the threats they face, which means infosec professionals have to work more efficiently to keep up.
One way to build a more efficient IT security operation is to adopt human-machine teaming solutions that pair automation and advanced analytics with trained security analysts. Recently, McAfee held a series of Security Operations Roadshows in Toronto, Ottawa and Montreal with our partner Interset to highlight some of the benefits human-machine teaming can bring.
At the events, McAfee Vice President and General Manager Jason Rolleston noted that some organizations invest in Security Information and Event Management (SIEM) systems believing that doing so will protect them from cybersecurity incidents. While investing in a SIEM is a necessary step, it’s only part of building an effective cybersecurity solution.
Once a SIEM is in place, organizations need to build a plan that focuses on particular risks or challenges. Depending on the type of organization, the focus could be on breaches, compliance, or denial of service. Without a focus, analysts won’t be able to handle all the information that’s being thrown at them by the SIEM.
The final phase in a comprehensive cybersecurity plan is adding tools that can help analysts investigate and respond to attacks. Solutions featuring advanced analytics and automation can help analysts pinpoint specific threats quickly, so they can be dealt with before they cause harm to an organization.
Stephan Jou, the Chief Technology Officer at McAfee partner Interset, walked attendees through how analytics and artificial intelligence can complement a SIEM and enhance the capabilities of a security operations team.
Analytics and automation don’t replace humans – they scale them, allowing them to handle more information and better identify threats. Interset’s solutions use mathematical modelling to determine risk, based on data aggregation and real-time monitoring.
For example, an insider threat detection solution would build a behavioural profile for each employee within an enterprise, then monitor activity by user, machine, application, data type and so on to determine a threat level. If a user were downloading large amounts of data from a remote location, at a time when they typically would not need access to that data, the insider threat product would flag them to a security analyst as high risk, requiring immediate action.
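The behavioural-profiling approach described above, written out as an added illustration (this is not Interset's or McAfee's code): a per-user baseline is built from constructed download telemetry, and each new event is scored on how far its volume, source location and data type depart from that user's own history. The field names, weights and thresholds are assumptions chosen for the example.

```python
from statistics import mean, pstdev
from collections import defaultdict

# Constructed sample telemetry, not real data: (user, source location, data type, bytes).
HISTORY = [
    ("alice", "office-hq", "sales-reports", 2_000_000),
    ("alice", "office-hq", "sales-reports", 2_500_000),
    ("alice", "office-hq", "sales-reports", 1_800_000),
    ("bob", "office-hq", "source-code", 50_000_000),
    ("bob", "office-hq", "source-code", 45_000_000),
    ("bob", "office-hq", "source-code", 55_000_000),
]

def build_profiles(events):
    """Per-user baseline: locations and data types seen before, plus volume statistics."""
    by_user = defaultdict(list)
    for user, loc, dtype, size in events:
        by_user[user].append((loc, dtype, size))
    profiles = {}
    for user, rows in by_user.items():
        sizes = [s for _, _, s in rows]
        profiles[user] = {
            "locations": {loc for loc, _, _ in rows},
            "data_types": {d for _, d, _ in rows},
            "mean": mean(sizes),
            # Floor the spread so a very regular user does not produce a zero divisor.
            "std": max(pstdev(sizes), 0.05 * mean(sizes)),
        }
    return profiles

def score_event(profiles, event):
    """Return (risk points, reasons) for one event against the user's own baseline."""
    user, loc, dtype, size = event
    prof = profiles.get(user)
    if prof is None:  # no baseline means nothing can be called normal: escalate
        return 10, ["no behavioural baseline for user"]
    z = (size - prof["mean"]) / prof["std"]  # volume relative to this user's norm
    checks = [  # (triggered?, weight, analyst-facing reason); weights are assumed
        (z > 3, 5, f"download volume z-score {z:.1f} above baseline"),
        (loc not in prof["locations"], 3, f"unfamiliar location {loc}"),
        (dtype not in prof["data_types"], 4, f"unusual data type {dtype}"),
    ]
    points = sum(w for hit, w, _ in checks if hit)
    reasons = [why for hit, _, why in checks if hit]
    return points, reasons

def risk_level(points):
    return "high" if points >= 7 else "medium" if points >= 3 else "low"
```

Only the high tier would be routed to an analyst for immediate action; medium events would be queued for review, which is the triage the text describes.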
Given the huge amount of data and the number of sources security teams have to deal with today, there is a growing need for human-machine teaming. McAfee’s Enterprise Security Manager, combined with other tools such as McAfee Behavioral Analytics and McAfee Investigator, enables enterprise security operations teams to streamline and improve threat detection while improving response times.
Learn more about combining the unique strengths of humans and machines for better security outcomes.