Three Ways to Orchestrate Response and Beat the Skills Gap

by Ted Julian

October 6, 2017

Many organizations are seeking to lessen the impact of the cyber security skills gap by increasing the productivity of their existing staff. Incident response orchestration can help.

Response orchestration provides guided response – ensuring analysts know what they need to do and when to do it, and are armed with the intelligence and tools to do so. As a result, analysts react and resolve incidents faster, and junior analysts can respond like more senior analysts.

In our recent webinar, “How to Alleviate the Security Skills Gap through IR Orchestration” – featuring guest speaker Joseph Blankenship, Senior Analyst at Forrester Research – we outlined real-world examples of how organizations use IR orchestration to improve their teams across all levels, from analysts to the C-suite.

If you missed the webinar, here are three ways your organization can start to orchestrate its response processes to help beat the skills gap:

Streamline Repetitive Triage Tasks

Analysts are bogged down – and, often, burnt out – by having to manually investigate the thousands of security events that organizations face daily. In the triage phase of response, analysts spend hours querying and pulling reports from disparate systems. This limits productivity and increases staff fatigue and turnover.

Security managers can combat this by automating many of the basic and time-consuming investigative tasks repeated daily. This not only improves staff efficiency and effectiveness, but enables analysts to focus on more strategic – and meaningful – tasks.

Develop a Structure for Reporting, Assessment, and Improvement

With an incident response platform (IRP), IR managers can structure response phases and associated reporting. This enables them to measure their team’s performance, identify bottlenecks, and uncover opportunities for professional development. For example, if certain teams or team members consistently take longer in the detect/analyze phase, they might need training on how to use threat intelligence feeds or other enrichment controls more effectively.

With this data easily accessible, IR managers can modify processes and develop workshops to foster the professional development of their existing staff.

Educate the C-Suite

In addition to reporting on team performance, orchestrating response with an IRP can also help security managers give the C-suite insight into the state of their organization’s global security function. It does so by centralizing security and incident response activity from around the world into a single view.

By creating globally focused KPIs and reports for the C-suite, security leaders can unlock new conversations about bigger change within the security function. This creates awareness about specific skills gap needs and helps justify budget and staffing allocations. For example, if phishing incidents spike out of India, this provides a great opportunity to justify anti-phishing training and education in the region.

To learn more about how incident response orchestration can help organizations beat the skills gap, watch our webinar recording today.
