Overcoming the Cloud Security Skills Shortage by Encoding Expertise

Jackson Connell
October 15, 2020

In case you missed them, in recent blogs we did a deep dive into Threat Stack’s ability to provide extensive cloud security telemetry and hinted at how a data-first approach can accelerate a company’s ability to apply machine learning (ML) to their cloud security practice. We also recently discussed how our rules-based approach excels at capturing known threats and our plans to complement rules by using ML to capture unknown, anomalous risks.

But even with all the extensive data, alerts and predictive power that the Threat Stack platform provides, human understanding and reasoning skills are still needed to place it all into context and make decisions about remediation. What’s more, it’s critical to have staff with cloud security skills on hand, because the cloud is far more complex than on-premises environments, with more vectors for attack.

Mind the gap

Unfortunately, security talent, especially cloud security, is in short supply. For example, 70% of cybersecurity professionals say their organizations have suffered from a cybersecurity skills shortage, according to a 2020 report from ESG and ISSA. More than 60% of organizations say security positions remain vacant for at least three months, according to the ISACA State of Cybersecurity 2020 report. And cloud skills are exceptionally scarce, with 451 Research finding that 86% of companies experience a skills gap for implementing cloud. As a result, anyone trying to hire staff with deep cloud security experience should buckle up for a long ride.
Even when organizations are able to fill these roles, they are likely to experience a high turnover rate, as these people are in high demand.

Closing the gap with Threat Stack services

To help organizations overcome this skills gap dilemma, we created Threat Stack Services. These services are composed of highly experienced cloud security experts who are well-trained and laser-focused on understanding the signs and signals of both known risks and emerging threats.

Through a service we call Threat Stack Oversight, our team of security and compliance experts continuously monitors an organization’s Threat Stack Cloud Security Platform for signs of intrusion and risky behavior. Drawing on their expertise and in-depth understanding of each organization’s unique cloud environment, they validate alerts and gather relevant context to determine whether an alert requires escalation. If they determine that it’s likely to pose a real threat, they inform the organization immediately and provide them with detailed recommendations for remediation.

As a result, security organizations have the peace of mind of knowing that their cloud environments are under the close watch of our seasoned Oversight analysts every minute of the day, every day of the year. They triage critical alerts, reducing investigatory legwork and helping you get to remediation faster. And with monitoring under control, security leaders can redirect resources to focus on higher value tasks, like threat hunting …

Gap analysis

Security organizations are also able to free their limited staff from manual, time-consuming, and error-prone tasks through our Threat Stack Insight service. This service provides Threat Stack architects who work directly with security teams to customize and optimize alerting and auditing workflows as part of comprehensive analytics reports.
By regularly analyzing the organization’s overall security posture, our architects help move them from a reactive approach of alert investigation to a more proactive posture that emphasizes systems hardening and active threat hunting.

So, how will we encode the human expertise of Threat Stack services teams to help customers close cloud security gaps faster? By creating ML algorithms that learn from how Threat Stack experts investigate and prioritize alerts.

That said, ML definitely won’t eliminate the need for human involvement in cloud security. Instead, it will make the work of security professionals more effective, including those on our Threat Stack security services team. Just as with deep telemetry and extensive alerting rules, the insights produced by ML need to be placed into context by a human being, who will ultimately make decisions about the proper course of action. It’s a feedback loop that will develop uniquely for each customer environment, with Threat Stack experts informing ML models, and ML detections optimizing Threat Stack services.

Expediting Cybersecurity Expertise

If you’re facing a cloud security skills shortage, or if you simply want to expedite risk assessment or compliance efforts, allowing your staff to focus on higher value projects, get in touch. We’d be happy to talk about how we can best monitor and secure your unique cloud environment. And stay tuned for more on Threat Stack and ML, coming soon!

About Jackson Connell

Jackson Connell is the Corporate Communications Manager at Threat Stack where he is responsible for public relations, analyst relations, Threat Stack’s social media channels, and overall content strategy. Prior to joining Threat Stack, Jackson was the Corporate Communications Manager at iboss where he led corporate communications strategy and spent over five years at LPP, an integrated communications agency specializing in B2B technology and healthcare.