But why does the IR market experience such explosive growth? Organizational networks today are composed of a variety of appliances and components, all of which have to communicate flawlessly. Because of that, we see scenarios where certain TTPs and attack patterns are exploited successfully, even though they are not categorized as zero-day exploitations or unfamiliar attack chains.
The second and more publicly discussed reason is the tremendous shortage of highly trained and experienced personnel. That, combined with the ready availability of malicious software that can be bought just like any other SaaS product, results in a hazardous situation. Criminal organizations and rogue individuals can purchase and use advanced malicious software and, without deep technical knowledge, make a large profit when the attack is deployed successfully.
Add to this the game changer: COVID-19. Until COVID-19, most IR procedures were done on-site, and the cyber experts literally "knocked on the victim's door" and gathered or extracted the evidence for the investigation. Following the COVID-19 outbreak, the IR market had to shift toward the remote incident response approach. There is no doubt that COVID accelerated the transition to the cloud, and with it the transformation of the IR market.
Machine learning (ML) has opened a new field of opportunities for autonomous solutions such as SOAR, and for our more advanced XDR-based solutions, where XDR agents can spot and isolate infected endpoints from the network and provide an entire IR solution over the cloud.
A new generation of security solutions, such as XDR and SOAR, provides, for the first time, a high level of protection for low-budget companies with small cyber teams. These automated solutions solve part of the huge personnel deficit, which is now estimated at 4-5 million cyber experts. The problem is felt across all sectors, but in particular by small and medium-sized enterprises, which remain unprotected.
I often get asked if I think ML and autonomous response can replace a cyber professional. In my opinion, autonomous tools enable us to help clients further without having to call people out of their beds. Yet the human's place is crucial, because when attacked, the victim organization reaches out in search of human expertise and consultation, with the will to make an informed decision, and not rely on an automated SaaS/bot response. All in all, with the rising demand for cyber professionals and solutions, we are facing a whole new world of opportunities and threats, in which we have to be very agile in order to succeed.
Written by Shiran Grinberg, Director of Research and Cyber Operations at Cynet Security