Threat Detection illustration

What’s the Future of Detection Teams? Five Predictions for What Lies Ahead 

Cyber threats are rampant, but security teams lack the tools, resources, and support to do their jobs effectively today — much less prepare them for tomorrow. In this Expert Insight, Jack Naglieri, the CEO of Panther, writes about where the state of security is currently, and where it is headed.

What does the future of detection look like? Like more efficient security teams empowered with the tools and systems, they need to protect their ever-scaling organization.

With threats rampant and $3.86 million being the average cost of data breach, rapidly scaling cloud adoption, and a rising inflow of data daily, security teams have a lot to contend with in order to keep their organization safe. Yet many teams lack the tools, resources, and support to do their jobs effectively today — much less prepare them for tomorrow.

Security Ledger Sponsored Content

Security teams are stressed, to say the least. During my time as an incident responder, I saw how the limitations of traditional SIEMs were straining security teams. SIEMs have evolved, but not fast enough to handle the sheer volume of data flowing in daily. Teams need tools that can parse data at scale, support customizable alerts, and provide the flexibility required. That’s why I started my company — to find a new approach to solving the challenges of threat detection at scale.

Security teams need better tools, more efficient approaches, and overall organizational support to enable them to do what they do best. Here’s where the state of security is currently, and where I see it headed.

The Current State of Security Teams

Jack Naglieri, CEO, Panther Labs
Jack is the CEO of Panther Labs.

With 20% of organizations saying they’re going to migrate all of their applications to the cloud in the next year, and 48% of organizations planning on migrating 50% or more, security teams are preparing for an exciting yet fast-paced future. Threat detection at scale will require more efficient processes that can improve reliability, handle massive amounts of data, and create more collaborative workflows.

The problem today is that legacy SIEM tools were never built with this kind of rapid cloud-based scaling in mind. They also suffer from high operational costs, slow performance, rigid languages, and even high licensing fees. As such, they can’t meet the demands of a security team’s current workload and certainly won’t meet it in the future.

If SIEMs aren’t going to support the future of cloud-scale detection, what will?

Five Predictions for the Future of Detection Teams

Here are some of the evolutions we’ll see in tools, principles, and processes that will help security teams overcome their current challenges and build a stronger security posture for their organization.   

More reliance on code than dashboards

While dashboards can give teams an at-a-glance view of their environment, they don’t necessarily present a true behind-the-scenes look at how your detection is actually built to function and may mask much-needed alerts from view. Detection teams will find more value and flexibility with the code they create designed precisely for their environment, and will move away from static dashboards.

Why Security Practitioners Are Unhappy With Their Current SIEM

Increased efficiency and less overhead

Scaling detection and making it more efficient will come through adopting detection-as-code and other automation approaches. As teams create and deploy their automation, we’ll see less need for analysts to have to do manual work and a decrease in operational overhead. This means more time and attention is paid to enhancing an organization’s security posture, learning threat tactics, and proactively planning for the future. Employing server-less architecture can also help with reducing system overhead and freeing teams up, too.

Better accuracy with detections

Security teams will inherently see more alert accuracy and precision as they begin to code, test, deploy, and fine-tune alerts tailored to their environment’s needs. As a result, teams will see reduced false positives and alert fatigue, and automating workflows can eliminate alerts that previously required hours or days of chasing to resolve. Not only will security teams be able to better identify attacks, they’ll be able to respond more quickly as well.

Leaner teams with more impact

The more precise and accurate the automation, the fewer frontline analysts a team will need. Analysts will be freed up from manual work to focus on higher-impact activities for their team, like ramping up on new threat tactics, improving security approaches, and expanding workflows to make them more precise and sophisticated. Additionally, as they begin to write more software, security teams will be investing in transferable knowledge and skills to continue the impact into the future.

Universal coding languages for increased collaboration

Finally, security teams are always looking for better ways to collaborate to increase their impact. One of the benefits of utilizing a universal coding language like Python for detections is that a lot more people are familiar with it. Teams are able to understand and check each other’s work, and using a common coding language allows teams to share on platforms such as GitHub in order to get more eyes on the problem.

Forging the Future of Detection

(*) Disclosure: This article was sponsored by Panther. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.