Threat Intelligence (TI) analysts are one of the key groups of experts in Security Operation Centers (SOCs) and play an important role in making sure IT systems are functioning properly. They are in charge of identifying the attack vectors that most threaten the organization, defining their company’s defensive strategy and helping other team members make informed decisions about potential threats. However, handling such a vast amount of responsibilities and data while managing repetitive tasks is exactly the type of work that makes TI employees prone to burnout.
A recent study surveying CISOs and senior IT leaders for enterprise businesses found that 70% of respondents agreed that it has become difficult for enterprises to source skilled cybersecurity pros, and 40-49% said the difficulty extends across multiple roles, including threat intelligence. Such a high-pressure role, combined with the level of expertise required of new hires, is a significant challenge for companies, meaning that many must get by with an understaffed and overworked team.
As a result, organizations are looking for different ways to retain talent and avoid burdening these professionals with ever more tasks and responsibilities. Two possible ways to alleviate some of their workload are employing interns to take on simple jobs, or installing solutions with Artificial Intelligence features to make up for the skill shortage. Both alternatives come with challenges, which are explored here.
Leveraging interns to lessen the burden
When it comes to lessening the burden of simple tasks for employees, hiring interns can be a suitable solution that allows upper management to focus on more demanding tasks. An ideal picture looks like this: while novices in the profession take on simple tasks, skilled specialists can devote their time to more complicated issues.
In doing so, a company is able to produce in-demand professionals in-house and train them in the way that is most applicable to its organization. Interns are then able to learn from experts in their field and take on more responsibility as they gain experience.
However, there are limitations to this approach. Because most interns have limited real-world experience, they will likely require a mentor who can advise them through their work, which can add yet another task to experts’ already demanding daily routines.
Nonetheless, interns are the best way to train and produce additional TI specialists, so that more individuals are suited to take on this type of role. It is therefore worth considering interns as a long-term plan rather than a quick resolution to a resourcing problem.
Benefits of a balanced automation and artificial intelligence approach
Another solution to better manage an expert’s daily tasks is to implement ‘smart’, artificial intelligence (AI)-backed tools that can automate parts of their job. Such security solutions are good at collecting data, both internally and from external sources, and also offer effective pre-processing and categorization. This helps to save time when such steps need to be taken.
Nonetheless, analyzing information coming from various sources, correlating it, understanding business risks and making decisions based on the collected data all still require human expertise. The survey conducted at the RSA Conference 2020 confirms this, with 60% of respondents feeling more confident in findings verified by humans than in those generated by AI. They say that creativity, previous experience and intuition are essential advantages of taking a human approach.
When considering an AI or automated approach, it is more efficient to balance the automated and human parts of analysis and adopt both machine-readable and human-readable TI reports. The efficiency of machine-readable TI depends on how smoothly it is integrated with existing security controls, as well as on the quality of the data. As such, a team needs to review offerings from a number of vendors and choose the strongest data feeds from several of them. To quickly investigate threats, analysts also need access to background on threats.
While the responsibilities of the TI analyst role pose significant challenges, there is yet to be an easy fix. Therefore, it is necessary to clearly determine the priorities of a TI analysis department, understand what the team is able to remedy more immediately and then determine what resources it is able to invest in long term. Such an approach will relieve TI analysts of excessive burnout and will result in a more well-rounded work environment for these employees.