In-brief: Security orchestration and automation tools seemed like fantasy technology just a few years ago. But this year’s RSA Conference suggests that the time for automation tools may have arrived. In this interview, we talk with Oliver Friedrichs of Phantom Cyber.
One of the prominent themes at this year’s RSA Security Conference was the drive towards more automation of information security tasks. There are a bunch of factors driving this trend. Chief among them: the scarcity of information security workers. After all, the U.S. had a shortage of more than 200,000 information security workers as of 2015, according to a study of Bureau of Labor Statistics data by Peninsula Press.
In the short term, that shortage is leaving companies vulnerable to attacks by malicious hackers, a study by Intel Security found. In the longer term, however, it is spurring investment in technology that can take over some of the work done by information security professionals. By automating low-level tasks, such as reviewing and responding to security alerts, companies can focus their precious human resources on higher-level tasks, such as incident response or remediation, that can’t be automated (at least not yet).
These topics came up in my conversation with Oliver Friedrichs. Oliver is the founder and CEO at Phantom Cyber, which was the winner of the RSA Innovation Sandbox Competition in 2016, and one of the pre-eminent firms doing security “orchestration” – basically getting different point security products to work together. The company’s technology is designed to automate many of the tasks performed in Security Operations Centers (or SOCs), from incident identification on through remediation.
In our interview, Oliver said that most of the company’s customers today are large enterprises and that automation of security tasks starts small: with the low-level tasks performed by Tier 1 SOC analysts. However, some of the company’s customers have automated 90-95% of their SOC activity using Phantom Cyber’s open platform, which allows customers and third parties to create “apps” that automate a series of interactions with third-party tools such as endpoint security or data leak detection products.
“If you look at the largest companies in the world, they have 40 to 50 to 60 individual security products they’re trying to manage and a whole room full of people trying to manage them through different consoles,” Friedrichs said. His company tries to simplify that – providing a common interface for incident response, automated remediation, threat hunting, containment and other functions.
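To make the “apps and playbooks” model concrete, here is a small, self-contained illustration of what an orchestration layer does: a playbook runs an alert through a chain of adapters (“apps”) that wrap point products behind one interface, enriches it, and picks an automated outcome. This is an added example written for this page, not Phantom Cyber’s code or API; the app names, the alert format, the reputation data and the critical-host list are all constructed here, and the “tools” are in-memory stand-ins for the external products a real app would call. It also shows two things a practitioner would insist on before letting a SOC automate 90% of its activity: actions are idempotent (re-running a playbook is safe), and destructive actions on critical assets are gated behind a human approval instead of being fired automatically.

```python
"""Toy security-orchestration playbook (illustration only; not any vendor's API)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed reference data standing in for a threat-intel feed and a CMDB.
KNOWN_BAD = {"0f3a" + "0" * 60: "Trojan.Generic"}
KNOWN_GOOD = {"ab12" + "0" * 60}
CRITICAL_HOSTS = {"dc-01"}          # destructive actions here need a human sign-off
QUARANTINED: set = set()            # simulated state of the endpoint-security tool


@dataclass
class Context:
    """State carried through one playbook run: alert, enrichment facts, audit trail."""
    alert: dict
    facts: Dict[str, str] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)
    disposition: Optional[str] = None   # set by a terminal action


# --- "apps": thin adapters over external tools (stubs over constructed data) ---

def app_reputation_lookup(ctx: Context) -> None:
    """Enrichment: ask a reputation source about the file hash in the alert."""
    h = ctx.alert["sha256"]
    if h in KNOWN_BAD:
        ctx.facts["verdict"], ctx.facts["family"] = "malicious", KNOWN_BAD[h]
    elif h in KNOWN_GOOD:
        ctx.facts["verdict"] = "benign"
    else:
        ctx.facts["verdict"] = "unknown"
    ctx.audit.append(f"reputation_lookup sha256={h[:8]} verdict={ctx.facts['verdict']}")


def app_quarantine_host(ctx: Context) -> None:
    """Containment: isolate the endpoint. Idempotent so a re-run never errors."""
    host = ctx.alert["host"]
    if host in QUARANTINED:
        ctx.audit.append(f"quarantine_host host={host} already_done")
    else:
        QUARANTINED.add(host)
        ctx.audit.append(f"quarantine_host host={host} ok")
    ctx.disposition = "contained"


def app_close_ticket(ctx: Context) -> None:
    ctx.audit.append("close_ticket reason=benign")
    ctx.disposition = "closed_benign"


def app_escalate(ctx: Context) -> None:
    """Hand anything the automation cannot decide to a human analyst."""
    ctx.audit.append("escalate tier=2")
    ctx.disposition = "escalated"


def app_request_approval(ctx: Context) -> None:
    """Approval gate: queue the destructive action instead of running it."""
    ctx.audit.append(f"approval_requested action=quarantine host={ctx.alert['host']}")
    ctx.disposition = "pending_approval"


# --- playbook: ordered (name, condition, action) steps; first terminal action wins ---

def is_verdict(v: str) -> Callable[[Context], bool]:
    return lambda ctx: ctx.facts.get("verdict") == v

def on_critical_host(ctx: Context) -> bool:
    return ctx.alert["host"] in CRITICAL_HOSTS

Step = Tuple[str, Callable[[Context], bool], Callable[[Context], None]]
MALWARE_PLAYBOOK: List[Step] = [
    ("enrich",   lambda ctx: True, app_reputation_lookup),
    ("close",    is_verdict("benign"), app_close_ticket),
    ("escalate", is_verdict("unknown"), app_escalate),
    ("gate",     lambda c: is_verdict("malicious")(c) and on_critical_host(c), app_request_approval),
    ("contain",  lambda c: is_verdict("malicious")(c) and not on_critical_host(c), app_quarantine_host),
]


def run_playbook(alert: dict, playbook: List[Step] = MALWARE_PLAYBOOK) -> Context:
    """Run the alert through the playbook; stop at the first action that sets a disposition."""
    ctx = Context(alert=alert)
    for name, cond, action in playbook:
        if cond(ctx):
            action(ctx)
        if ctx.disposition is not None:
            break
    if ctx.disposition is None:
        ctx.disposition = "no_action"
    return ctx


if __name__ == "__main__":
    # Constructed sample alert, shaped like what a SIEM might forward.
    sample = {"id": "alert-0001", "type": "malware_detected",
              "host": "ws-1234", "sha256": "0f3a" + "0" * 60}
    result = run_playbook(sample)
    print(result.disposition)
    print("\n".join(result.audit))
```

The audit list is the part to keep in a real deployment: every automated decision should be reconstructible after the fact, and the approval gate is what lets a team start with Tier 1 tasks and widen the automated scope only as confidence grows.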
With experienced SOC workers and other security pros demanding six-figure salaries, Oliver said the ROI on a technology like his company’s is easy to justify, but that the complexity of much of this work is still high. Smaller enterprises – let alone small and mid-sized firms – simply don’t have the budget or wherewithal to invest in security orchestration or automation, at least not yet.
Check out our full interview on RSAC TV below.