Ryan Trost, Co-Founder and CTO, ThreatQuotient, explains what he thinks will be the hot technology talking point for the second half of 2020.
Comfortable soundproof headsets or virtual reality goggles to minimise toddler distractions and help physically delineate work and family, more specifically, kids. In all honesty, the obvious pre-COVID trends of office chat messengers and transitions into the cloud will continue to pick back up. And the current-COVID trend of enterprise-grade video communications will stabilise by Q3 as companies exhale from the potentially hasty Q1/Q2 decisions, having performed more due diligence research.
But for hot post-COVID technology, businesses returning to the potentially ‘new normal’ will quickly find themselves battling a new obstacle – dashboard unification across integrated technologies. This is not a new gap across teams, but it is amplified by the industry buy-in of Gartner’s Security Orchestration, Automation and Response (SOAR) framework, where the orchestration and response components emphasise the integration of cyber initiatives and workflows across a team’s technology stack.
Over the past year or so, there has been a steady incline of automation and a steady decline of GUI usage as teams rely more heavily on RESTful API structures and flexibility to push and pull data. Given the post-COVID environment, most analyst teams can no longer work shoulder-to-shoulder, relying on verbose reports and getting the necessary additional supplemental insights via a physical conversation (e.g. passing the report author in the hall or elevator to enquire about the additional details). For example, analysts used to spend 99% of their daily routine in the SIEM and ticketing system dashboards triaging alerts and closing investigations. However, those days of manually gathering alert information are over. Automation tools perform most of the analyst tier I tasks of acknowledging a SIEM alert and creating a ticket, whereas orchestration tools perform a chain of tasks to collect data across the technology stack and, potentially, perform actions based on that information.
The need for an analyst to sit inside the SIEM or ticketing system dashboard is fading quickly. But it also does not make any sense to spend their time within an orchestration dashboard, as those were built to provide a process-centric view versus a threat- or adversary-centric view. So in what technology dashboard should analysts spend all their time going forward?
Teams are going to start to invest in purpose-built dashboard technologies: technologies where the team can collectively decide what information is relevant to them and leverage the aforementioned RESTful APIs across technologies to keep the entire security team unified. This natural evolution will inevitably overlap with business intelligence platforms, which are meant to take a large amount of data and highlight patterns, trends or a necessary superset of pertinent information. In short, all existing 2020 budgets are getting dusted off, teams are going to reprioritise future initiatives, and dashboard unification projects will quickly become a priority.