How FDR Helps with the SecOps Staffing Dilemma

Posted on 2022-09-09 by Pedram Amini

Unless you live under a rock, you are well aware our industry is way short on cybersecurity workers. It’s been lamented for years and shows no signs of improvement. In fact, by one account, we’re short 3.5 million workers - we’ll be no further along even five years out.

So what happens when there is a massive talent gap? Let's look at our options. First, we could try to make the game less attractive for attackers. That's a fool's errand. It runs up against Sutton's Law, named after Willie Sutton, who, when asked why he robbed banks, replied "because that's where the money is." Second, the educational system tries to increase the supply of talent. Applause. We hope that proliferates. But it's a long game, and the pain is now. Third, organizations try to outbid each other for the existing talent through pay hikes. Ok. That very effectively drives up poaching by the highest bidder, but does nothing to increase the size of the talent pool.

There is a fourth option. Technology providers invent ways to achieve more with less. Of the four, this is the only one with any near-term plausibility. Let's dig into that one.

We all know the promise of Machine Learning (ML). It is a scaling technology heavily in play across many security solution vendors (InQuest included), it is progressing rapidly, and it will only continue to do so. But it's not a silver bullet today. ML alone can't accomplish the job. Instead, it is the combination of human and machine that brings forth three major benefits. First, remove the mind-numbingly repetitive, rote, exhausting work of finding signal in the noise from the desks of our precious few security analysts before they all quit out of sheer burnout. Second, convert the remaining signal into a limited stream worthy of human cognition, steering the direction of our analysts. And third, for those really hard to decipher low-fidelity signals where computers just don't perform well, give the analysts a methodical, data-driven approach that frees them to quickly and effectively do the sleuthing they crave: finding the sneaky attacker who got through all defenses and ratting them out before their objective can be met.

There are at least two key ways in which File Detection and Response (FDR) directly adds value. First, it provides a definitive methodology for reducing the attack surface: granular controls, fueled by Deep File Inspection (DFI), that drastically narrow the options available to a threat actor and so restrict their TTPs. Second, automating threat hunting with real-time intelligence enables a much larger population of security analysts to hunt fast and effectively. A major design goal of InQuest FDR is to automate the monotonous work of the analyst. Task the machine with the mundane and free human cognition to be applied where it is most needed (and wanted, by the way). Look at the SecOps surveys out there: most respondents report spending the majority of their time on tasks they loathe, with threat hunting being the task voted most desirable. Our founder dealt directly with these challenges first hand for over a decade. It was that necessity which led to the invention of InQuest FDR, born in the Pentagon SOC, designed and built by analysts in support of a mission where failure is not an option.
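To make the two points above concrete, here is a small, added illustration of what "granular controls fueled by file inspection" and "a limited stream worthy of human cognition" look like in code. It is not InQuest code and not how the FDR product is implemented; the magic-byte table, the allow/hunt/block policy, the extension-to-content expectations and the sample files are all assumptions constructed for the example. The idea it demonstrates is the general one: decide on a file by what it actually contains rather than what it is named, block the content classes an attacker needs, and route only the ambiguous remainder to a human.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Magic bytes for a handful of containers (a real DFI engine carries far more).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                        # also OOXML (docx/xlsx) and JAR
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy Office, MSI
    (b"MZ", "pe"),                                 # Windows executables
]

# PDF name tokens that indicate active content; a crude but cheap first pass.
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA")

# Hypothetical policy (an assumption for this example, not InQuest's):
# "allow" passes, "hunt" queues for an analyst, "block" stops the file.
POLICY = {
    "pdf": "allow", "ooxml": "allow", "zip": "hunt", "unknown": "hunt",
    "pdf-active": "hunt", "jar": "block", "ole": "block", "pe": "block",
    "ooxml-macro": "block",
}
RANK = {"allow": 0, "hunt": 1, "block": 2}

# Which content classes a given extension is expected to carry (assumed table).
EXPECTED = {
    "pdf": {"pdf", "pdf-active"}, "docx": {"ooxml"}, "xlsx": {"ooxml"},
    "docm": {"ooxml", "ooxml-macro"}, "xlsm": {"ooxml", "ooxml-macro"},
    "zip": {"zip"}, "jar": {"jar"}, "exe": {"pe"}, "doc": {"ole"}, "xls": {"ole"},
}


@dataclass
class Verdict:
    kind: str
    action: str
    reasons: list = field(default_factory=list)


def sniff(data: bytes) -> str:
    """Identify the container from its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def refine(kind: str, data: bytes) -> str:
    """Look inside the container for the parts an attacker actually needs."""
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "unknown"
        if "[content_types].xml" in names:
            has_vba = any(n.endswith("vbaproject.bin") for n in names)
            return "ooxml-macro" if has_vba else "ooxml"
        if "meta-inf/manifest.mf" in names:
            return "jar"
    if kind == "pdf" and any(tok in data for tok in PDF_ACTIVE):
        return "pdf-active"
    return kind


def assess(filename: str, data: bytes) -> Verdict:
    """Apply the policy to the true content, then escalate on name/content lies."""
    kind = refine(sniff(data), data)
    verdict = Verdict(kind, POLICY[kind], [f"content type {kind}: {POLICY[kind]}"])
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXPECTED.get(ext)
    if expected is not None and kind not in expected:
        verdict.reasons.append(f"extension .{ext} does not match content {kind}")
        # A mismatch never lowers a verdict, but it always earns a human look.
        if RANK[verdict.action] < RANK["hunt"]:
            verdict.action = "hunt"
    return verdict


def make_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style zip for the demo; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake macro stream")
    return buf.getvalue()


# Constructed sample inputs, not captured malware.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n1 0 obj << /Type /Catalog >>\nendobj\n%%EOF",
    "invoice.pdf": b"%PDF-1.7\n1 0 obj << /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj",
    "notes.docx": make_ooxml(with_macro=False),
    "salary.docx": make_ooxml(with_macro=True),
    "scan.pdf": b"MZ\x90\x00" + b"\x00" * 60,  # PE header wearing a .pdf name
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        v = assess(name, data)
        print(f"{name:12} {v.kind:12} {v.action:6} {'; '.join(v.reasons)}")
```

Two things worth noticing in the output. The macro-bearing document and the executable are blocked without anyone looking at them, which is the "reduce attacker freedoms" half: an actor who cannot land a macro or a PE through this channel has lost those TTPs entirely. The PDF with an OpenAction and the document whose name disagrees with its contents are not blocked but queued, which is the "limited stream" half: those are exactly the low-fidelity signals where a human, not the policy, should make the call.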

InQuest FDR reduces attacker freedoms, enables our existing SecOps talent pool to stay in the game longer, and increases bench strength - all at the same time. Now it's available for the private sector.

Want to learn more? Check out our FDR overview here. Prefer a quick video? Click here.

Tags
file-detection-and-response
