Mat Gangwer, security operations lead, Rook Security
The fact is, there is just too much data and information for a human to review in today's tech-infused life. Users and systems don't delete things, storage is cheap, and answers are needed immediately. These are all catalysts that will drive change in Incident Response and Forensics. The current incident workflow involves large amounts of manual work, and that just isn't going to cut it anymore. Incidents are more commonplace, and the impact to the business is rising. The current staffing levels are just not capable of keeping up with the workload.
Lucky for us, there have been huge advances made within a few technology realms including natural language processing, machine learning, and artificial intelligence (Google's Alpha Go anyone?). The raw processing and learning capability of a system like this is incredible. Don't get me wrong, there will still be a need for experienced staff in this area, but just imagine having an intelligent tool to filter out all the noise and meaningless information and give you actionable results. I, for one, welcome our cyber overlords.
Matt Rodgers, head of product management, E8 Security
Forensics staff, or Incident Response (IR) analysts, being replaced by robots sounds like something you'd expect to see on an episode of The Jetsons – pure fantasy. Data science techniques, machine learning and statistical analysis, complement an organization's incident response practice – they don't replace it.
Most forensics teams investigate an incident, like a data breach, post-detection, which is often months after the intrusion initially occurred, making their manual approaches to IR and Forensics exponentially harder and costlier.
Teams are further challenged with finding all the puzzle pieces that are scattered throughout an organization, while ensuring the incident has been fully contained.
The future calls for organizations to invest in retaining security-relevant data in a scalable, centralized behavioral analytics platform to understand behavior patterns, looking for unusual activity, not dependent on threat intelligence. The result is the “Jetsonization” of response: faster incident triage, response, and root cause analysis for forensics teams. In other words, it saves organizations time and money.
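As an added illustration of the behavioral approach Rodgers describes (learn what is normal from the organization's own retained data, then flag deviations, with no threat-intelligence feed involved), the following is example code written for this page, not code from the article or from E8 Security. The authentication log format, user names, hosts and timestamps are all constructed; the baseline rules (known hosts, usual login hours, failed attempts preceding a success) are simple assumptions chosen to show the idea, not a production detector.

```python
"""Behavioral baseline over an organization's own authentication logs.

Builds a per-user baseline (hosts they normally log in from, hours they
normally log in at) from historical events, then triages later events
against it. No external threat intelligence is consulted: every signal
comes from the organization's retained data.
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline: three days of routine logins for two users.
# Format per line: <ISO timestamp> <user> <source host> <success|failure>
BASELINE_LOG = """
2016-05-02T08:12:03 alice wkst-17 success
2016-05-02T17:40:11 alice wkst-17 success
2016-05-03T08:05:44 alice wkst-17 success
2016-05-03T18:02:09 alice wkst-17 success
2016-05-04T09:01:30 alice wkst-17 success
2016-05-04T17:31:55 alice wkst-17 success
2016-05-02T07:55:00 bob wkst-03 success
2016-05-02T16:20:12 bob wkst-03 success
2016-05-03T08:10:47 bob vpn-gw success
2016-05-03T16:45:02 bob wkst-03 success
2016-05-04T08:00:15 bob wkst-03 success
2016-05-04T16:58:39 bob vpn-gw success
"""

# Constructed events to triage: one routine login per user plus two that
# deviate (off-hours login from a never-seen host; failures before a success).
NEW_LOG = """
2016-05-09T08:20:10 alice wkst-17 success
2016-05-09T02:47:33 alice srv-db-01 success
2016-05-09T08:03:21 bob wkst-03 success
2016-05-09T23:15:08 bob wkst-03 failure
2016-05-09T23:15:40 bob wkst-03 failure
2016-05-09T23:16:02 bob wkst-03 success
"""


def parse(log):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in log.strip().splitlines():
        ts, user, host, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "result": result})
    return events


def build_baseline(events):
    """Per user: the set of hosts seen and the list of login hours, from successes only."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": []})
    for e in events:
        if e["result"] == "success":
            baseline[e["user"]]["hosts"].add(e["host"])
            baseline[e["user"]]["hours"].append(e["ts"].hour)
    return baseline


def triage(baseline_events, new_events, hour_tolerance=1, failure_window_s=300):
    """Return one finding (with human-readable reasons) per anomalous successful login."""
    baseline = build_baseline(baseline_events)
    findings = []
    for e in new_events:
        if e["result"] != "success":
            continue
        reasons = []
        b = baseline.get(e["user"])
        if b is None:
            reasons.append("no history for user")
        else:
            if e["host"] not in b["hosts"]:
                reasons.append(f"first login from {e['host']}")
            lo = min(b["hours"]) - hour_tolerance
            hi = max(b["hours"]) + hour_tolerance
            if not lo <= e["ts"].hour <= hi:
                reasons.append(f"login at hour {e['ts'].hour:02d} outside usual {lo:02d}-{hi:02d}")
        # Failed attempts by the same user shortly before this success.
        failures = [f for f in new_events
                    if f["user"] == e["user"] and f["result"] == "failure"
                    and 0 <= (e["ts"] - f["ts"]).total_seconds() <= failure_window_s]
        if failures:
            reasons.append(f"{len(failures)} failed attempts in preceding {failure_window_s}s")
        if reasons:
            findings.append({"ts": e["ts"].isoformat(), "user": e["user"],
                             "host": e["host"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse(BASELINE_LOG), parse(NEW_LOG)):
        print(f"{f['ts']} {f['user']}@{f['host']}: " + "; ".join(f["reasons"]))
```

Run as-is it reports only the two deviating logins and leaves the routine ones silent, which is the filtering effect both contributors are after: the analyst sees a short, reasoned list rather than every event. Widening the baseline window or adding more features (session length, data volume, destination services) changes what "usual" means, but the structure stays the same: baseline from retained data first, deviation scoring second.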