Three Key Takeaways from the 2017 RSA Conference

Last week marked the ever-expanding annual RSA Conference in San Francisco. Over 40,000 cybersecurity professionals came together to share stories and learn about the latest technology to stop hackers and cyber-criminals from getting their hands on an organization’s crown jewels. From deception solutions to cloud security, the 2017 conference lived up to the hype. We even introduced our next generation automation and orchestration platform, with machine learning intelligence.

Here are three key takeaways from the 2017 RSA Conference.

Takeaway 1: The cybersecurity skills shortage struggle is real…

You’ve all heard the news of the impending cybersecurity skills shortage to the tune of 1.8 million open positions by 2022, and you may have thought it was just sensationalizing or an exaggeration, but you’d be wrong. Time and again we spoke with security professionals at our booth about how they don’t have the resources to be truly effective. A couple of people mentioned that the volume of incidents in their SOC was increasing, as was their concern about becoming the next headline-making organization because they missed an indication of a breach or of malware taking hold.

Many of the attendees we talked with who stopped by our booth wanted to learn about security automation and orchestration as a practical alternative to the cybersecurity skills shortage. Given the advancements in machine learning technology and growing acceptance of human-augmented decision support (or a human in the loop), cybersecurity incident response automation is emerging as a viable option for SOC teams at both enterprises and MSSPs.

Takeaway 2: An extensible cybersecurity platform is a must-have…

One of the most interesting themes from attendees we talked with was the need for an extensible platform. Gone are the days of a security product simply having the capability to work with other security tools and systems. Now, security professionals – from the top down to the end-users – need a platform that is fully integrated with the multiple, disparate tools (antivirus, endpoint protection, and the list goes on) leveraged to defend their organization against malware, ransomware and malicious outsiders/insiders.

Attendees simply expected any platform on the market today to be integration ready out-of-the-box. Further, with the proliferation of cloud applications and organizations building in-house applications, the platform’s APIs should enable custom extensibility.

Takeaway 3: Semi-automated workflows are in high demand…

The concept of automated incident response is not new in the cybersecurity space. When the first-generation security automation tools made it to market 20+ years ago, the maturity level of the technology was at a minimum. Horror stories abound of the inability of the then “state-of-the-art” technology to effectively distinguish between legitimate alerts and false positives. Instead, every alert was deemed a real threat. The added inability to selectively shut down infrastructure components involved in an incident only exacerbated the situation, dooming early hopes that security automation was viable. As you can imagine, or maybe even experienced first-hand, chaos ensued and the technology was abandoned.

Fast-forward to the 2017 RSA Conference and, having learned from past mistakes, a new chapter on security automation has begun. The automated cybersecurity incident response conversations at our booth focused on semi-automated workflow capabilities, where a human is in the loop (read: in control) at all times making decisions. Given the aforementioned cybersecurity skills shortage, semi-automation frees up significant time from dealing with increasing volumes of manual, error-prone tasks and helps to greatly reduce (and even possibly eliminate) false positives, allowing the operations team to focus on true security threats.

All in all, the 2017 RSA Conference lived up to the hype as the most talked about and most attended security conference of the year. We’re already making plans for the 2018 conference and can’t wait to talk cybersecurity incident response automation and orchestration throughout the coming year.

Follow us on Twitter and LinkedIn for the latest news and updates on other events we will be attending and/or presenting at. And, to learn more about the benefits of automating cybersecurity incident response, check out our free eBook below.

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

The Rise of SOC Automation

Security operations centers (SOCs for short) are cropping up in organizations around the globe and across just about every industry. Many large enterprises have already initiated their own SOCs while others are currently in the process. Smaller companies are turning to external resources for their security needs. In either case, the SOC function serves to consolidate and centralize the incident prevention, detection and response process as well as monitoring, vulnerability management and several other key functions. The wider adoption of these teams has been accompanied by a steady rise in the use of SOC automation.

The reason SOC automation is gaining in popularity is multifaceted. Firstly, there is the very real challenge associated with the highly tailored nature and extreme complexity of today’s cybersecurity attacks. Gone are the days when incoming threats could easily be identified and thwarted with little to no impact on the organization or its sensitive data. Today’s hackers are leveraging newer and better technology to initiate highly targeted and relentless attacks on their victims. Human security teams are simply no match for these advanced persistent threats.

SOC automation facilitates a much more streamlined and highly effective defense against APTs and other such incidents. These platforms serve as an ever-vigilant, well-equipped army that stands at the ready, round-the-clock, to detect and address potential breaches. When an alert is created, it is automatically assessed and either remediated electronically or escalated to the appropriate human party for immediate attention. In other words, SOC automation acts as a force multiplier, enhancing the monitoring function and creating a closed-loop process that is much stronger.

The second area in which SOC automation is helping security teams, both internal and external, do their jobs more effectively is the amount of time it takes to address and resolve successful attacks. Despite our most valiant efforts, there will almost always be some vulnerability through which cyber-criminals can achieve their goals. The amount of damage they are able to do, however, will ultimately depend on how quickly they can be identified and stopped. Obviously, the sooner a breach can be identified and dealt with accordingly, the more the organization can mitigate damages.

In this dynamic, demanding and critical environment, there is little room for error. SOC automation and orchestration tools are virtually transforming these departments into advanced command and control centers by integrating with Security Information and Event Management (SIEM) systems and providing workflows and playbooks that extend the SIEM’s existing capabilities. Agent-less architecture allows for the execution of tasks over physical, virtual, and cloud environments via standard protocols to speed up security incident response and resolution while improving security operations efficiency.

Finally, SOC automation cuts the Mean Time to Resolution and eliminates manual, repetitive tasks by automating incident response playbooks, freeing up scarce manpower resources, and measurably improving service levels. This type of platform also enables the advanced scheduling of security procedures on a regular basis in order to identify and prevent security vulnerabilities. In other words, it allows you to cover all your bases – from prevention and detection to response and remediation. The result is a much more secure, efficient environment overall, which benefits everyone.

To learn more about SOC automation click here. Or, better yet, try it yourself with our free 30 day, no obligation trial.

How to Get Critical Systems Back Online in Minutes

Compliance Got You Down? IT Automation is the Answer

In today’s fast paced business environment, it can be a hassle to keep track of all the important data you’re dealing with, but it’s an absolute necessity if you are to remain compliant. Regardless of whether it’s an external regulation, like HIPAA or Sarbanes-Oxley, or even the occasional internal audit to ensure that regulations are consistently being met, you’re on the hook for maintaining proper documentation and producing that documentation if and when it’s needed. So how can you ease this burden and make staying in compliance much more manageable? Easy – you employ IT automation.

It’s all about transparency.

With the right IT automation platform in place, you don’t have to worry about manually keeping track of every important piece of data. In the event of an audit, either internal or external, you can easily access what you need, when you need it. There’s really no better way to remain in compliance than through IT automation.

Create an environment of consistency and uniformity.

One of the biggest challenges for a business when it comes to the topic of compliance is dealing with inconsistencies across the organizational structure as a whole. One department may be extremely diligent about documentation, while another may be seriously lacking. Still others may do things completely differently than their peers, which can make organizing and presenting requested documentation to an external auditor a nightmare. IT automation creates a uniform process that helps to keep every area of your business consistently compliant.

Get the freedom to focus on what’s most important.

Not only does IT automation help with organizing, storing and accessing important data and documentation, but because you and your personnel are no longer forced to waste valuable time on mundane, repetitive tasks, you will be better able to focus on critical business issues – including compliance. So, it becomes a win-win in terms of staying compliant from start to finish.

Take a proactive approach.

Don’t let an auditor be the one to catch a problem within your organization. IT automation provides the ability to receive real-time and accurate notifications so that critical business issues can be identified and addressed in a timely manner, before they develop into a more serious or costly problem for your business. Fewer things falling through the cracks equates to a more compliant business year-round.

Test, test and test again.

The best way to prepare for a potential audit is to conduct occasional internal tests. Not only will this help identify areas of weakness so they can be addressed immediately, before they become a serious concern, but it will ensure that your data can be quickly and easily accessed when and if an external audit should become necessary.

Make audits quick and painless.

If you’ve ever experienced an audit, you know that it can be a long, drawn out and painful process – especially if you weren’t well-prepared ahead of time. Without the right technology in place, audits can force you to pull your personnel away from their day to day tasks, causing production delays and an increased burden of workload on the rest of the team. The time it takes to dig up days, weeks, months or even years’ worth of data and produce the necessary documentation means a loss of productivity and subsequent profits for your organization, not to mention the consequences of failing any area of your compliance check. IT automation makes the process of an audit go much more smoothly, which means less disruption to workflow and a faster turnaround.

For most organizations, regardless of industry, compliance is a challenging but necessary part of doing business. The good news is it doesn’t have to be a costly, workflow disrupting headache for you or your team. With the right IT automation and orchestration platform in place, you can uniformly organize and access all of your important data without having to waste precious time and resources, so that if and when an audit comes up, you’ll be ready!

IT automation makes the process of staying compliant a breeze. Learn how it can help your business by launching your own free trial today!

eBook: 10 time consuming tasks you should automate

Top Cybersecurity Challenges (and How Automation is the Key)

Research conducted by ESG revealed that an incredible 91 percent of IT professionals believe that effective incident response is hindered by the time and effort of manual processes. Furthermore, a full 97 percent of those surveyed either have already or plan on taking steps to automate and/or orchestrate the incident response process. In other words, we are moving in the right direction (but we’re not there yet). Here are some of the biggest cybersecurity challenges IT teams are dealing with and how automation can provide the ideal solution.

Staffing Shortage

Perhaps the biggest challenge many IT departments face today is the distinct shortage of qualified professionals who are skilled in the area of cybersecurity. While there are certainly plenty of folks working their way up the ranks and pursuing an education in this area, until they officially hit the workforce, the struggle to keep up will continue. As such, many organizations are turning to automation to bridge this gap and provide the protection and support that human workers cannot.

End to End Monitoring

We recently published an article that outlines why monitoring systems alone are simply not enough to maintain network and data security. A big part of this is due to the fact that these tools only cover half of the process, leaving organizations vulnerable. What’s needed is a closed-loop workflow that covers both the monitoring component as well as appropriate incident analysis and subsequent resolution. This can be achieved through automated cybersecurity incident response, which handles the process from start to completion.

Volume of Alerts

Today’s IT departments are dealing with a volume of incoming alerts that is almost mind boggling. As such, alert fatigue is becoming a huge problem. Simply put, even if they worked non-stop, round the clock, it’s not possible for human workers to handle the barrage of threats that are occurring on a daily basis. Enter automation, which shifts the burden and allows technology to do the heavy lifting, freeing up IT personnel to focus their skills on other mission-critical tasks and projects.

Complexity of Threats

Not only is the number of incoming incidents posing a significant challenge to today’s IT professionals, but the complexity of these threats is also increasing at a lightning speed. Today’s hackers are much more sophisticated, initiating much more targeted and effective attacks that are giving IT departments a real run for their money. The only way to combat these advanced persistent threats is to fight fire with fire, using automation technology to thwart would-be attacks.

Is your IT team feeling overwhelmed, bogged down and burnt out? We invite you to experience for yourself how the right IT automation and orchestration platform can turn things around for the better.

Download your copy of eyeShare today or request a free demo of our brand new next generation platform.


A Smarter Way to Manage System Alerts

One of the most important roles of the IT team is managing incoming alerts and incidents in the most efficient manner possible. Doing so effectively not only protects the organization from incoming security threats, but it also helps to reduce internal issues, such as system outages. Yet, with the relentless barrage of incoming alerts pouring in on a daily basis, many of which are false positives, it’s easy to become overwhelmed and risk critical issues slipping through the cracks. The good news is there is a solution: IT process automation. Here’s how.

Consider first that most corporations employ the use of some type of monitoring system, which allows technology to do much of the work in keeping an eye out for problems – both external and internal. The problem is, these monitoring systems are often not effective in streamlining the actual process of managing incoming alerts. In other words, it’s very much like having only a piece of the puzzle, which is somewhat effective but missing certain key components that are necessary to get real, measurable results.

Enter IT process automation. When integrated with a monitoring system, such as SolarWinds, automation can take incident management to a whole new level. Working together, these tools help to identify, analyze and prioritize incoming alerts and also ensure that notification is sent to the appropriate party in the event that a serious issue is detected. What’s more, notifications can be customized based on preference, with escalations being sent via email, SMS or telephone.

In addition to bringing more order to the incident management process, integrating IT process automation with your monitoring system can also vastly improve the speed and efficiency of incident response. Automated workflows can be created to open, update and close tickets in the service desk, escalating those that require human input and automatically handling those that can be resolved electronically.

The result of such a collaboration is a closed-loop solution that is much more efficient and highly effective in reducing response and resolution time, which means less downtime and faster mean time to repair (MTTR) for your organization. Let’s take a look at a real-life example of how integrating a monitoring system with ITPA can help streamline the incident workflow:

  1. The monitoring system detects an incident within the IT infrastructure and sends out an alert.
  2. The alert is picked up by the IT process automation software, which immediately triggers a predefined workflow.
  3. As part of this workflow, a trouble ticket is automatically created in the service desk.
  4. The appropriate party or parties receive notification via their preferred method (email, SMS or phone).
  5. The system waits for acknowledgement and response from the network admin.
  6. Upon response, the ITPA workflow will execute the appropriate task to address and correct the problem.
  7. The ITPA system then sends notification to the network admin advising of the recovery and automatically updates the service ticket accordingly.
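
The seven steps above, sketched as an added Python example (not the vendor's code or API): the `ServiceDesk` class, the `get_ack` callback and the remediation table are hypothetical stand-ins, and the alert is constructed sample data. It also covers what the list leaves implicit: if nobody acknowledges, or the responder declines, no automated action runs.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    OPEN = "open"
    ACKNOWLEDGED = "acknowledged"
    RESOLVED = "resolved"
    ESCALATED = "escalated"


@dataclass
class Alert:
    source: str   # monitoring system that raised the alert (step 1)
    host: str
    check: str    # failed check, used to select the remediation task


@dataclass
class Ticket:
    ticket_id: int
    alert: Alert
    state: State = State.OPEN
    history: list = field(default_factory=list)


class ServiceDesk:
    """In-memory stand-in for a service desk (hypothetical, not a real API)."""

    def __init__(self):
        self.tickets = {}

    def open_ticket(self, alert):
        ticket = Ticket(len(self.tickets) + 1, alert)
        ticket.history.append("ticket opened")
        self.tickets[ticket.ticket_id] = ticket
        return ticket


def run_workflow(alert, desk, contacts, get_ack, remediations):
    """Steps 2-7 for one alert.

    contacts:     ordered escalation chain of (name, channel) pairs
    get_ack:      callable(name, ticket) -> "approve", "reject", or None on timeout
    remediations: dict of check name -> callable(host) returning True on success
    """
    ticket = desk.open_ticket(alert)                              # step 3
    for name, channel in contacts:
        ticket.history.append(f"notified {name} via {channel}")   # step 4
        answer = get_ack(name, ticket)                            # step 5
        if answer is None:
            ticket.history.append(f"no acknowledgement from {name}")
            continue                                              # try the next contact
        ticket.state = State.ACKNOWLEDGED
        ticket.history.append(f"{name} answered: {answer}")
        if answer != "approve":
            # Human declined the automated action: leave the ticket for manual work.
            return ticket
        task = remediations.get(alert.check)                      # step 6
        if task is not None and task(alert.host):
            ticket.state = State.RESOLVED                         # step 7
            ticket.history.append(f"recovery notice sent to {name}")
        else:
            ticket.state = State.ESCALATED
            ticket.history.append("remediation unavailable or failed")
        return ticket
    # Nobody acknowledged: never act without a human decision, only escalate.
    ticket.state = State.ESCALATED
    ticket.history.append("escalation chain exhausted")
    return ticket


def restart_service(host, log):
    """Stand-in remediation task: records the host instead of touching it."""
    log.append(host)
    return True


def demo():
    """Run four constructed scenarios; returns {label: (ticket, hosts_remediated)}."""
    alert = Alert("monitoring", "web01.example.internal", "service_down")  # constructed
    contacts = [("on-call admin", "sms"), ("team lead", "phone")]
    scenarios = {
        "approved": lambda name, t: "approve",
        "second_contact": lambda name, t: "approve" if name == "team lead" else None,
        "rejected": lambda name, t: "reject",
        "silent": lambda name, t: None,
    }
    results = {}
    for label, get_ack in scenarios.items():
        touched = []
        tasks = {"service_down": lambda host, log=touched: restart_service(host, log)}
        ticket = run_workflow(alert, ServiceDesk(), contacts, get_ack, tasks)
        results[label] = (ticket, touched)
    return results


if __name__ == "__main__":
    for label, (ticket, touched) in demo().items():
        print(label, ticket.state.value, touched)
        for line in ticket.history:
            print("   ", line)
```
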

This process essentially closes the loop on incident management, taking the entire process from start to completion with little if any need for human intervention. So, while utilizing a quality monitoring system is important, leveraging the power of IT process automation as a complement to that system can truly bring your IT operations to a whole new level.

Ready to get started today? Check out our available solutions or download your free trial to get started right away.


Why Monitoring Tools Aren’t Enough to Prevent Cybersecurity Breaches

There are literally millions upon millions of attempted cyber-attacks being executed each and every day. Yet, many organizations are still only employing the bare minimum in cybersecurity protection – monitoring systems. While these programs may have once been sufficient in thwarting potential breaches, they are no longer capable of adequately keeping businesses safe from harm. If you are among those companies relying solely on monitoring tools to safeguard your network and sensitive data, here are a few reasons you may want to reconsider.

First and foremost, the sheer volume of cyber threats has increased at a mind-boggling rate and all trends indicate this will only continue to get worse as time goes by. The fact is, today’s cyber criminals are becoming more relentless than ever before, which means organizations must remain on high alert 24 hours a day, 7 days a week, 365 days a year. With the number of incoming incidents on the rise, most monitoring tools simply cannot keep up. As a result, legitimate threats have a better chance of pinpointing a company’s vulnerability and exploiting it.

In addition to the number of threats coming in on a daily basis, the complexity of these incidents is also evolving. Sure, there are still some relatively rudimentary type attacks crafted by amateur hackers, and modern monitoring systems are usually more than up to the task of handling these. It’s the multifarious and highly targeted threats (APTs) being instituted by sophisticated criminals that companies must be vigilant against, and unfortunately this is where most monitoring platforms fall short.

A combination of these two factors makes it increasingly evident that in order to remain steadfastly secure against the relentless onslaught of complex cybersecurity attacks, IT teams must take additional measures. Short of employing an army of security professionals to work round the clock, something even the biggest, most successful organization cannot reasonably do, there is another, much more affordable, effective and feasible solution: automation.

Automated cybersecurity incident response allows companies to create a closed-loop process that incorporates the monitoring function with instant, advanced threat analysis and response. Once the two platforms are successfully integrated, any incident detected by the monitoring tool triggers an automated workflow that effectively evaluates the threat for legitimacy and then determines next steps based on the results of this analysis.

If the threat is real, the automation and orchestration platform then either takes the necessary steps to isolate and remediate on its own or escalates it to the appropriate party. Of course, it’s also important to recognize that even the strongest, most sophisticated IR strategies are not entirely fool-proof. This is another area where automated cybersecurity incident response is valuable. In those rare instances that a threat does, in fact, make its way past the existing security measures, an automated platform can help get critical systems back up and running faster.

Essentially, automated cybersecurity incident response becomes a force multiplier, supporting the monitoring process and taking it a step further to dramatically reduce the likelihood of a successful breach taking place. Best of all, this type of scenario eliminates the need to employ a large security team. And because this type of setup is always on, the organization remains as safe as possible any time, day or night.

In reality, the world of cyber-crime has changed and will continue to do so at a rapid pace. The monitoring tools and applications that were once enough to keep sensitive data safe are no longer adequate. Today’s IR requires a much greater degree of intricacy and the same level of advanced technology that the criminals behind these dangerous threats are using.

Is your organization truly safe? Request a free demo of Ayehu IT automation and orchestration and see for yourself how this innovative technology can bring your company’s cybersecurity to the next level.



The Secret to Improving IT Operations Performance and Service Quality

There’s no doubt about it. IT automation is the biggest driver for increasing the overall performance of operations and service quality for businesses today. It allows the streamlining of workflows by automating the time consuming day to day tasks that normally bog the busy IT team down, and facilitates technology as the heavy lifter so talented personnel can focus on more important mission-critical issues.

IT automation can be applied to almost any pain point your organization may face, from frequent password resets to service restarts to disk space cleanups and much, much more. The key is to begin with a few small things so that the value can be easily quantified and then steadily work up to automate more complex projects and workflows to utilize this advanced technology to its fullest potential.

Best Practices for Systems and IT Operations Managers:

As with anything else in business, there are certain “best practices” that have been established and should be implemented to achieve optimum results with IT automation. Here are a few basic guidelines to follow:

  • Pick one or two pain points to start. What simple processes or routine tasks are critical to your organization but are bogging your team down? Pick points that you will be able to quickly and easily measure the value of once you’re up and running.
  • Carefully evaluate available IT automation tools to help you choose the right product and then learn as much as you can about the one you choose so that you can truly convey the benefits that it will have for your business operations.
  • Develop and foster IT automation skills within your team. Make it clear to IT personnel that automation isn’t something to fear. That it’s not there to eliminate their jobs, but rather to make them more efficient and productive, and to provide the opportunity to enhance their skills, become more marketable and achieve more growth in their careers.
  • Encourage communication between IT teams and other departments. For instance, dev-ops and IT automation go hand in hand, with the shared goal of bridging the gap between IT personnel and those on the operational end of the technology. For optimum results, a solid relationship built on trust and open communication should be developed and fostered.
  • Develop key performance indicators and measure results. Once you’re up and running with IT automation, it’s critical that progress is continuously monitored, measured, analyzed and modified accordingly. Develop a list of which performance indicators are most important to your organization and then measure regularly to ensure optimum results.

In summary, organizations that follow these best practices will not only increase agility and reliability, but they will also have a more productive, happier staff. Additionally, IT teams that know how to utilize these tools will have more opportunities for growth, both within the workplace and beyond, as demand for these skills continues to grow.

In the end, it’s a triple win: employees, your business and your customers all benefit in multiple ways through the use of IT automation. As such, the question then becomes not “should you automate”, but rather, “why haven’t you started yet?” To experience for yourself how IT automation can help bring your organization to a new level, start your free trial today!


7 Cybersecurity Steps to Combat Hacktivist Attacks

Coming in somewhere around 20% of all cyber-attacks, hacktivism is on the rise, and nobody is safe. Just ask big names Sony Pictures, JP Morgan Chase and the American Broadcasting Network, all of whom have become victims of these socially motivated crimes. And given the emotionally charged political state in both the US and around the world, it’s only logical to assume this number will continue to climb.

So how can you protect your organization from a potential hacktivist attack? Here are seven proactive measures you can start taking today for a stronger defense tomorrow.

Don’t poke the bear.

Many hacktivist-driven cybersecurity attacks are inadvertently provoked by news that is released by the target, such as a press release, website content or social media post. Be mindful of the types of announcements and news you’re sharing to ensure none of the information contained within could be erroneously perceived as a threat or challenge to your would-be attackers.

Make sure your defense strategy is up to par.

It’s been said time and time again that the best defense is a good offense, and this is certainly true when it comes to cybersecurity – including hacktivism. You should be regularly auditing your monitoring systems and employing the best available automated incident response platform if you want to prevent potential breaches.

Secure your accounts.

Many hacktivism attacks occur when criminals obtain unauthorized access to a company’s systems and accounts, particularly social media profiles. The damage that can be done if someone unsavory were to take over your social accounts could be potentially devastating. Fortify your security measures by using strong passwords and requiring two-factor authentication.

Have a solid IR plan at the ready.

Beyond incident response from a technology standpoint, hacktivism adds a layer of complication in that it requires a more public-facing response than other types of cybersecurity issues. While the hope is you’ll never fall victim, the reality is there’s a good chance you will, so be prepared from a corporate communications/public relations standpoint. The quicker and more confidently you can respond, the less chance of serious fallout occurring.

Be forthcoming with affected parties.

Nobody wants to have to tell another business or group of customers that their sensitive data has been compromised – especially if it’s due to a misstep on your part, but having difficult conversations in light of a hacktivism attack is a necessary evil. In the event of a cybersecurity breach, confirm all the facts as quickly and accurately as possible, then develop a remediation strategy that can be immediately communicated to customers and partners that have been affected. The sooner you work to get things under control, the better.

Learn from your mistakes.

If you have become a victim of a hacktivist attack, you can take a negative situation and turn it into a positive by analyzing how your IR and remediation process actually played out. This can allow you to identify areas where improvements can and should be made and enable the development of best practices for dealing with such incidents in the future.

Be vigilant.

Last but not least, keep your ear to the ground and your fingers on the pulse of what’s happening in the world around you – particularly as things pertain to your business. Being alert and vigilant can help you recognize and proactively protect against potential risks.

Hacktivist attacks are increasing in both number and complexity. If you haven’t yet taken the right steps to strengthen your defense, you could be placing your organization in harm’s way. Check out these top 5 cybersecurity playbooks that you can employ and start automating your way to a safer company.


Ayehu Introduces Next Generation IT Automation and Orchestration Platform Integrated with Machine Learning Intelligence

Ayehu’s next generation platform, driven by machine learning intelligence, is a force multiplier for overwhelmed and understaffed IT and security operations teams.

Ayehu today introduced its next generation IT automation and orchestration platform for IT and security operations. With intelligent machine learning driven decision support, the platform dynamically creates rule-based recommendations, insights and correlations that provide the operator/analyst with suggestions for how to optimize fully- or semi-automated workflows.

Today’s IT and security operations teams are plagued by a seemingly continuous flood of alerts, incidents and requests. This is compounded by the fact that as businesses scale, the complexity of their systems grows, placing an increased workload on an already inundated workforce. This trend, combined with a highly publicized shortage of skilled, talented workers across both IT and security, has driven the need for intelligence-backed, automated solutions.

“Our next generation platform is the evolution of our successful IT automation solution, designed around our customers’ direct feedback regarding their additional, specific needs,” said Gabby Nizri, CEO of Ayehu. “We believe automation should be simple to implement, manage and maintain, from one, unified platform. Now a SaaS ready platform, Ayehu allows customers and partners to gain efficiencies across their hybrid environments and provide their overworked operators and analysts with intelligent machine learning driven decision support, further increasing productivity. This is a game changer, and we can’t wait for our customers to experience the next generation of IT automation.”

The platform includes significant enhancements, including an architecture redesign to support hybrid deployments across on-premise, private and public cloud environments. It also enriches product security in areas such as message encryption across internal and external networks, and presents a refreshed user interface.

The next generation Ayehu IT automation and orchestration platform features:

  • SaaS Ready – Ideal for hybrid deployments, Ayehu supports multi-tenant, network encryption, OAuth2 authentication, and internal security improvements
  • High Availability and Scalability – Ayehu easily scales to support organizations with a high volume of incidents, and safeguards against a single point of failure
  • Machine Learning Driven Support Decisions — Ayehu provides decision support via prompts to optimize workflows and dynamically creates rule-based recommendations, insights and correlations
  • Workflow Version Control – Ayehu is the first IT automation and orchestration platform to provide version control on workflows, allowing users to rollback changes and review, compare or revert workflows
  • Tagging and Labeling – Ayehu users can associate workflows with keywords through tags to quickly search and return commonly used workflows

Ayehu acts as a force multiplier, driving efficiency through a simple and powerful IT automation and orchestration platform. Ayehu helps enterprises save time on manual and repetitive tasks, accelerate mean time to resolution (MTTR), and maintain greater control over IT infrastructure. With Ayehu, IT and security operations teams can fully- or semi-automate the manual response of an experienced IT or security operator/analyst, including complex tasks across multiple, disparate systems. Ayehu’s response time is instant and automatic, executing pre-configured instructions without any programming required, helping to resolve virtually any alert, incident or crisis.

Ayehu will provide live demonstrations of its next generation platform at RSA Conference 2017 (San Francisco, Moscone Center, February 13-17) in its booth #4914 (North Expo Hall). The platform is currently in beta and will be generally available later this year.

For more information and to request a live, personalized demonstration of the next generation platform, visit 

About Ayehu

Named by Gartner as a Cool Vendor, Ayehu’s IT automation and orchestration platform is a force multiplier for IT and security operations, helping enterprises save time on manual and repetitive tasks, accelerate mean time to resolution, and maintain greater control over IT infrastructure. Trusted by major enterprises and leading technology solution and service partners, Ayehu supports thousands of automated processes across the globe. For more information, please visit and the company blog. Follow Ayehu on Twitter and LinkedIn.

PR Contact
Christy Kemp
Dahlia Public Relations

How to Calculate the ROI of Cybersecurity Threat Defense


Article originally published on Security Info Watch

As any executive knows, keeping a close watch on the bottom line is a critical element of ongoing success. For CIOs, CTOs and CISOs, finding a way to keep costs down while maximizing protection against potential security breaches is a familiar struggle. The difficulty often lies in the paradox that exists when one is essentially investing in something that has not yet occurred. Further complicating matters is the fact that many organizations are employing a complex multitude of systems, applications and defense mechanisms which can make establishing quantifiable return-on-investment (ROI) a prohibitive undertaking.

Yet, the potential financial impact a successful breach can have certainly justifies the upfront and ongoing expense required to adequately prevent one from occurring. One only needs to peruse the headlines to see evidence of how costly a security incident can be – both monetarily and reputation-wise. More importantly, it’s becoming increasingly evident that no one is safe from becoming a victim of today’s sophisticated online hackers. Businesses of every shape, size and industry would be wise to take heed and put the appropriate measures in place to keep their networks and sensitive data safe from harm.

So how, then, can one effectively capture the return on this important if not essential investment? Despite the countless news articles and leading experts predicting the steady and ongoing increase in amount and complexity of criminal activity online, many key decision makers still insist on seeing real, measurable results in order to justify the value of having an established, solid threat detection plan in place. The good news is, with the right strategy, calculating and communicating this ROI is entirely possible.

Start with the Basics

Before you can adequately assess ROI, you need to have a clear and documented understanding of all of the costs and benefits associated with your threat defense strategy. First there are the costs involved in the overall cybersecurity plan you have in place (e.g. monitoring systems, incident response software, IT security personnel, etc.). These expenses are easily measurable, but if you’re not contrasting them with the right information, they can easily scare away even the most open-minded board member.

To balance your expenditure properly, the next calculation will likely be a little bit more abstract. That is, you’ll need to identify and capture, as accurately as possible, the costs associated with a security compromise. For instance, the following factors can and often do influence cost:

  • Percentage of incidents that lead to an actual breach
  • Percentage of threats that are major incidents
  • Average cost of a major incident
  • Percentage of threats that result in minor incidents
  • Average cost of a minor incident
  • Average annual growth of security threats and incidents

At an organizational level, there are additional factors that must also be accounted for. Ideally, these numbers would be captured prior to implementing a comprehensive threat management strategy, as this will allow you to more closely measure the additional savings achieved by the new strategy, whether it’s adopting better software, deploying automation technology, or some combination of these.

By way of example, these calculations might look something like this:

  • Average number of incidents per day
  • Number of incidents being addressed daily using current resources
  • Gap between addressed and unaddressed incidents
  • Number of incidents addressed daily using new incident management strategy

The figures obtained from these calculations will allow you to pinpoint or at least approximate the amount of money a potential security breach could cost your organization. With that number in hand, the savings achievable by avoiding those financial implications can be determined.

Delving Deeper

Another important thing to point out is that the ROI of good threat defense stretches far beyond the basics covered above. Recognizing these additional benefits can help strengthen and solidify a case for enhanced incident management. One area upon which many fail to capitalize, particularly in terms of justifying potential savings, is in the incident response realm. Far too often, the focus lies squarely on prevention, when in reality it’s the remediation that can truly quantify the return.

The truth is, when it comes to security breaches, it’s quite often not the actual incident that has the greatest impact, but rather the time it takes to identify, isolate and resolve the issue before it has a chance to cause further damage. This mean time to resolution (MTTR) is where the true value of threat intelligence lies.

According to recent reports, the majority of organizations today find out about a security breach from an external third party, such as their bank or a government body. The time it takes to identify said compromise averages somewhere around 320 days. For breaches that are detected internally, this number drops to around 56 days, which is still a significant amount of time to allow a successful incident – and the hackers behind it – to have a field day with your network, systems and sensitive data.

Complicating matters is the speed with which a compromise can occur. One recent industry report indicates that more than 80 percent of cybersecurity breaches happen in mere minutes. The vast canyon between compromise and detection is alarming to say the least and that’s not even taking into consideration the amount of time it takes to actually recover once a security incident is discovered.

It is estimated that about 60 percent of MTTR is spent determining the root cause of the actual problem. The rest is spent mitigating damages and working to achieve a complete resolution. When system outages or any type of downtime are included in this process, you should increase the cost of compromise accordingly.

The Value of Reducing MTTR

With the right technology – such as IT automation – significant savings can be realized in MTTR alone. Calculating these savings involves a two-step process. Start by determining the total yearly cost of incidents by applying the following formula:

Number of Monthly Incidents X Time to Resolve Each Incident X Cost of Personnel Per Hour X 12 months = Annual Cost of Incidents

Keep in mind that the type and severity of incidents will vary, so you may wish to use this formula to determine the cost associated with each incident priority level. In other words, your priority one (P1) incidents will have a different resolution time and associated cost than that of P2 and P3 incidents. Additionally, the costs associated with support personnel may also vary based on level and skillset. For instance, P1 incidents might require the expertise of both L1 and L2 teams, so calculate accordingly.

Once you’ve determined your annual cost of incidents, the second step involves calculating your annual savings. This can be done by using the estimated percentage of reduction in resolution time that your applied technology delivers. The formula looks like this:

Annual Cost of Incidents X Reduced Time to Resolution (%) = Annual Savings

On the conservative end, some experts believe the average reduced time to resolution a good automation tool could potentially deliver hovers somewhere between 50-75 percent. That means if your annual cost of incidents is $350,000 you could potentially be saving anywhere from $175,000 – $245,000 each and every year. There aren’t too many decision makers who wouldn’t appreciate those kinds of numbers.
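The two formulas above, applied per priority level as the article suggests, in an added example that is not part of the original article. All incident volumes, resolution times and hourly rates are constructed sample figures, and the code assumes every support tier assigned to a priority level works the full resolution time.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IncidentClass:
    priority: str            # e.g. "P1"
    monthly_incidents: int   # incidents of this priority per month
    hours_to_resolve: float  # mean time to resolution per incident, in hours
    hourly_rates: tuple      # one hourly cost per support tier involved (L1, L2, ...)

def annual_cost(c: IncidentClass) -> float:
    """Monthly incidents x time to resolve x personnel cost per hour x 12."""
    if c.monthly_incidents < 0 or c.hours_to_resolve < 0:
        raise ValueError(f"{c.priority}: volumes and times must be non-negative")
    # Assumption: every tier listed is engaged for the whole resolution time.
    return c.monthly_incidents * c.hours_to_resolve * sum(c.hourly_rates) * 12

def annual_savings(cost: float, reduction: float) -> float:
    """Annual cost of incidents x reduced time to resolution (as a fraction)."""
    if not 0.0 <= reduction <= 1.0:
        raise ValueError("reduction must be a fraction between 0 and 1")
    return cost * reduction

def roi_report(classes, reductions=(0.50, 0.75)) -> dict:
    """Per-priority annual cost, the total, and savings for each reduction rate."""
    per_priority = {c.priority: annual_cost(c) for c in classes}
    total = sum(per_priority.values())
    return {
        "per_priority": per_priority,
        "total": total,
        "savings": {r: annual_savings(total, r) for r in reductions},
    }

# Constructed sample data: P1 needs both L1 ($45/h) and L2 ($70/h) staff.
SAMPLE = [
    IncidentClass("P1", monthly_incidents=4, hours_to_resolve=6.0, hourly_rates=(45, 70)),
    IncidentClass("P2", monthly_incidents=30, hours_to_resolve=2.0, hourly_rates=(45,)),
    IncidentClass("P3", monthly_incidents=200, hours_to_resolve=0.5, hourly_rates=(45,)),
]

if __name__ == "__main__":
    report = roi_report(SAMPLE)
    for prio, cost in report["per_priority"].items():
        print(f"{prio}: ${cost:,.0f} per year")
    print(f"Total: ${report['total']:,.0f} per year")
    for rate, saved in report["savings"].items():
        print(f"Savings at {rate:.0%} MTTR reduction: ${saved:,.0f}")
```

Breaking the cost out by priority shows where a reduction in resolution time pays off: in this sample, the high-volume P3 queue costs more per year than the P1 incidents.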

For the most part, today’s IT executives are fully capable of understanding the importance of investing in cybersecurity. When it comes to convincing others, however, there may be a bit more work involved. Knowing what data to take into consideration and how to transform that data into quantifiable evidence can help you better drive home the value of threat detection as not just an ancillary component of IT, but a fundamental ingredient in the ongoing safety and success of the organization as a whole.
