EDITOR’S COMMENT
Comfortable soundproof headsets or virtual reality goggles to minimise toddler distractions and help physically delineate work and family, more specifically, kids. In all honesty, the obvious pre-COVID trends of office chat messengers and transitions into the cloud will continue to pick back up. And the current-COVID trend of enterprise-grade video communications will stabilise by Q3 as companies exhale from the potentially hasty Q1/Q2 decisions, having performed more due diligence research. But for hot post-COVID technology, businesses returning to the potentially ‘new normal’ will quickly find themselves battling a new obstacle – dashboard unification across integrated technologies. This is not a new gap across teams, but it is amplified by the industry buy-in of Gartner’s Security Orchestration, Automation and Response (SOAR) framework, where the orchestration and response components emphasise the integration of cyber initiatives and workflows across a team’s technology stack.
Over the past year or so, there has been a steady rise in automation and a steady decline in GUI usage as teams rely more heavily on RESTful API structures and their flexibility to push and pull data. Given the post-COVID environment, most analyst teams can no longer work shoulder-to-shoulder, relying on verbose reports and getting the necessary supplemental insights via a physical conversation (e.g. passing the report author in the hall or elevator to enquire about the additional details). For example, analysts used to spend 99% of their daily routine in the SIEM and ticketing system dashboards, triaging alerts and closing investigations. However, those days of manually gathering alert information are over. Automation tools perform most of the analyst tier I tasks of acknowledging a SIEM alert and creating a ticket, whereas orchestration tools perform a chain of tasks to collect data across the technology stack and, potentially, perform actions based on that information.
The need for an analyst to sit inside the SIEM or ticketing system dashboard is fading quickly. But it also does not make sense for analysts to spend their time within an orchestration dashboard, as these were built to provide a process-centric view rather than a threat- or adversary-centric view. So in which technology dashboard should analysts spend all their time going forward?
RYAN TROST, CO-FOUNDER AND CTO, THREATQUOTIENT
Teams are going to start to invest in purpose-built dashboard technologies: technologies where the team can collectively decide what information is relevant to them and leverage the aforementioned RESTful APIs across technologies to keep the entire security team unified. This natural evolution will inevitably overlap with business intelligence platforms, which are meant to take a large amount of data and highlight patterns, trends or a necessary superset of pertinent information. In short, all existing 2020 budgets are getting dusted off and teams are going to reprioritise future initiatives, and dashboard unification projects will quickly become a priority.
INTELLIGENT TECH CHANNELS Issue 31