This is part of a Black Hat interview with Hardik Modi, Vice President, Threat Intelligence, that originally ran at https://www.blackhat.com/sponsor-interview/05262017.html#fidelis
Question: Organizations are under increasing pressure to improve incident detection and to reduce dwell-times. What are the biggest challenges they face in implementing these capabilities?
Threat Expert’s View:
There is vastly increased emphasis on threat monitoring and incident response as security disciplines. The single biggest challenge to this endeavor is the talent shortage. This challenge starts from the first-line analysts and extends through to the specialized roles such as reverse engineers and threat hunters. There has been an exponential growth in the need for personnel to conduct these functions, and it's impossible to scale the talent pipeline needed to address the issue globally. Even where organizations are satisfied with the teams they've built, processes usually haven't evolved to the point where they can withstand the loss of key personnel as they look for new opportunities. Add to this mix the broad range of sometimes incompatible security technologies that the organization is expected to deploy, and you understand why cybersecurity remains a subject of great anxiety for the enterprise.
It's my opinion that organizations have to invest in human capital through training, but there will need to be superior technology to drive productivity.
As security categories emerge and mature, they will have to be measured on how much the organization benefits through superior workflow and acceleration of response, beyond classic measures (e.g. prevention capabilities).
The solution that enables the full flow of detection to response, with as much automation and knowledge-enrichment as possible, will ultimately lead and win. Further, as a community, we must get to where Incident Response is a mature discipline and we're not reinventing the wheel in each organization. As much as it hurts to lose talent, we have to prepare for when that happens and look for ways to reduce friction and the learning curve as new people join the team, empowering them with mature technology and process.