The annual Cybersecurity Workforce Study conducted by (ISC)² modeled the existing talent shortage as 3.4 million professionals in 2022, up 26% from their 2021 study. The purchasing of a multitude of security products to offset skill gaps can fall short as operators struggle to adapt processes and extract value from toolchains that may or may not be flexible in handling an evolving threat landscape.
Many available security automation products require an operator to construct, deconstruct, and reconstruct a set of playbooks that include a number of static decision blocks, which are clearly not optimized for ad-hoc or potentially ex-ante scenarios.
In this episode we have a conversation with Salim Scafuto, Global VP of Customer Success and Sales Engineering, of StrikeReady, about their platform and how its logic layers (attack harvesting, knowledge harvesting, action invocation, analysis & context) combined with their machine learning capabilities (e.g., deep neural networks, convolutional deep neural networks, deep belief networks, recurrent neural networks) can allow an operator to reason with their environment to thwart attacks.
The platform allows operators to engage in knowledge-seeking questions that invoke a security-centric conversation with their reasoning engine (e.g., such as asking, “what is ransomware?”, or, “who is APTXXX?”), a contextual awareness question to obtain a degree of business insight (e.g., such as asking “am I currently at risk for ransomware?”), or even an automation-based command for incident response and proactive operation (e.g., such as issuing the command, “check this email for phishing”, or, “assess my risk against mummyspider”).
With a host of integrations and a TAXII client to ingest a set of threat feeds, the platform is enabling a broad range of responses that mimic a security professional, offsetting much of the day-to-day load and allowing practitioners to focus more on the exceptions.
Please listen and contact Satbir and Darren to explore this and other cybersecurity-related domains.