Cloud Security | Threat Stack | 3 Min Read

Overcoming the Cloud Security Skills Shortage by Encoding Expertise

In case you missed them, in recent blogs we did a deep dive into Threat Stack’s ability to provide extensive cloud security telemetry and hinted at how a data-first approach can accelerate a company’s ability to apply machine learning (ML) to their cloud security practice. We also recently discussed how our rules-based approach excels at capturing known threats and our plans to complement rules by using ML to capture unknown, anomalous risks.

But even with all the extensive data, alerts and predictive power that the Threat Stack platform provides, human understanding and reasoning skills are still needed to place it all into context and make decisions about remediation. What’s more, it’s critical to have staff with cloud security skills on hand, because the cloud is far more complex than on-premises environments, with more vectors for attack.

Mind the gap

Unfortunately, security talent, especially cloud security talent, is in short supply.

For example, 70% of cybersecurity professionals say their organizations have suffered from a cybersecurity skills shortage, according to a 2020 report from ESG and ISSA. More than 60% of organizations say security positions remain vacant for at least three months, according to the ISACA State of Cybersecurity 2020 report. And cloud skills are exceptionally scarce, with 451 Research finding that 86% of companies experience a skills gap for implementing cloud.

As a result, anyone trying to hire staff with deep cloud security experience should buckle up for a long ride. Even when organizations are able to fill these roles, they are likely to experience a high turnover rate, as these people are in high demand.

Closing the gap with Threat Stack services

To help organizations overcome this skills gap dilemma, we created Threat Stack Services. These services are staffed by highly experienced cloud security experts who are well-trained and laser-focused on understanding the signs and signals of both known risks and emerging threats.

Through a service we call Threat Stack Oversight, our team of security and compliance experts continuously monitors an organization’s Threat Stack Cloud Security Platform for signs of intrusion and risky behavior. Drawing on their expertise and in-depth understanding of each organization’s unique cloud environment, they validate alerts and gather relevant context to determine whether an alert requires escalation. If they determine that it’s likely to pose a real threat, they inform the organization immediately and provide them with detailed recommendations for remediation.

As a result, security organizations have the peace of mind of knowing that their cloud environments are under the close watch of our seasoned Oversight analysts every minute of the day, every day of the year. They triage critical alerts, reducing investigatory legwork and helping you get to remediation faster. And with monitoring under control, security leaders can redirect resources to focus on higher-value tasks, like threat hunting …

Gap analysis

Security organizations are also able to free their limited staff from manual, time-consuming, and error-prone tasks through our Threat Stack Insight service. This service provides Threat Stack architects who work directly with security teams to customize and optimize alerting and auditing workflows as part of comprehensive analytics reports. By regularly analyzing the organization’s overall security posture, our architects help move them from a reactive approach of alert investigation to a more proactive posture that emphasizes systems hardening and active threat hunting.

So, how will we encode the human expertise of Threat Stack services teams to help customers close cloud security gaps faster? By creating ML algorithms that learn from how Threat Stack experts investigate and prioritize alerts.

That said, ML definitely won’t eliminate the need for human involvement in cloud security. Instead, it will make the work of security professionals more effective, including those on our Threat Stack security services team. Just as with deep telemetry and extensive alerting rules, the insights produced by ML need to be placed into context by a human being, who will ultimately make decisions about the proper course of action. It’s a feedback loop that will develop uniquely for each customer environment, with Threat Stack experts informing ML models, and ML detections optimizing Threat Stack services.

Expediting Cybersecurity Expertise

If you’re facing a cloud security skills shortage, or if you simply want to expedite risk assessment or compliance efforts, allowing your staff to focus on higher-value projects, get in touch. We’d be happy to talk about how we can best monitor and secure your unique cloud environment. And stay tuned for more on Threat Stack and ML, coming soon!