As a technology marketer, I have spent 20 years working with technical teams to identify ways to articulate how and why solutions work the way they do. While I have worked in many complex industries, I have found cybersecurity, AI and ML to be an interesting challenge.
This spurred the memory of a case study I once read about Meg Whitman at eBay[1]. Whitman, a non-technical leader, joined the start-up in its infancy and used analogies to gain a “better understanding of the company’s technical underpinnings”. For example, she likened technical capacity to a shoe factory and the project scoping process to train seats. These comparisons made the technology easier to understand and enabled her to lead the company to success through innovation and creativity while adding her valuable outsider’s perspective.
We are fortunate at JASK to have a world-class team of data scientists and ML engineers who have spent time explaining to me how and why the JASK Automated Security Operations Center (ASOC) platform works. The more I learn, the more I begin to understand the problem, and the impact that the right solution will have on SOC teams.
For those of you who remember relying on paper maps without GPS or internet connectivity, you might recall the feeling of driving without the visibility to be confident you were going the right way. I remember driving in what I thought was the right direction, but the longer I drove with uncertainty, the more anxious I would become, making minutes seem like hours.
I can imagine, as a security analyst, navigating through hundreds, maybe thousands, of alerts to gather enough context to determine if one alert, or a combination of alerts, is a higher priority than a completely different set. If I were tasked with protecting a company from the modern cyber threat, without knowing for certain that I was heading in the right direction, my level of anxiety would be far worse.
We all understand alert fatigue. With our phones always with us, many of us deal with constant alerts. It’s difficult to know what to pay attention to or how to prioritize responses without context. My phone may ring 20 times, but if I don’t know who is calling, I am unlikely to answer. Or, if my mom calls during the work day, I might wait until the end of the day to call her back. Except once, when I was in a meeting, my mom called, followed immediately by my dad. Those two calls, back to back, formed an unusual pattern that I immediately responded to, because I had visibility into who was calling, and in what order.
For my final analogy, have you ever looked up at the night sky and pointed out various constellations? I haven’t. It’s difficult to look at billions of lights and discern patterns that form shapes. Unless something, or someone, shows me how to connect the dots, I don’t even know where to start. While constellations were used for navigational purposes centuries ago, I bet the majority of us would rather use an app like Sky Guide to show us exactly where the patterns are and how they connect to form constellations.
When I think of JASK and how we help SOC analysts more quickly and easily identify important threats and prioritize the most critical, I think of these analogies and how modern technology makes things more efficient. GPS tells us exactly how to get where we are going, caller ID reduces alert fatigue by giving us visibility into who is calling, and apps like Sky Guide connect the dots for us to show us exactly how patterns form constellations. We are saved from the frustrations we may have dealt with years ago because technology provides us guidance where we need it and context when we can’t find it on our own.
My hope is that, as the cybersecurity industry continues to harness the power of AI and ML, we remain focused on the problem we are really trying to solve, addressing the failures that have created unmanageable processes for SOC teams. This means reducing the noise, not creating more of it. We won’t accomplish this with yet another tool that does a better job of detecting threats, but we will do it with solutions that improve SOC processes by delivering context and visibility to security analysts.
[1] Harvard Business School Publishing, Meg Whitman at eBay, 2000