Following on from my previous post regarding the importance of understanding the different functions and benefits a human and a machine can deliver in a cyber security framework, it is interesting to see that a security automation and orchestration solution from Phantom Cyber took best of show at RSA this year.
The company CISO suggests that, with the support of their solution (machine), a single full-time employee can perform the tasks traditionally delivered by five humans.
Now couple this with an article Forbes published at the beginning of the year, which stated that its sources indicate there will be one million cyber security job openings in 2016, and that demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million. This only compounds the importance of building a balance between man and machine-based automation and orchestration into an organisation's cyber security architecture/framework.
I predict that the security automation and orchestration market will get into its stride in 2016. We have already seen FireEye acquire Invotas with its catchy tagline 'automate or die' (rather extreme but I like it), and I suspect that many other advanced threat detection and response organisations will be looking to add this capability to their portfolios too.
An interesting area to keep an eye on this year for sure.
By any measure, Phantom Cyber is a David in a world of security Goliaths. Yet it scored top honors as the Most Innovative Startup of the RSA 2016 Innovation Sandbox contest. It has raised less money than most of the other contenders. Yet its offerings were seen as novel, even groundbreaking. One of the early investors in Phantom, Jay Leek, CISO of Blackstone, says “Phantom is the first-mover in the automates the workflow from alerts to investigation and remediation. Such automation can empower one FTE (Full Time Equivalent) to do as much as five FTEs once deployed at scale. We can now drive consistency across operational functions by eliminating human errors. We can isolate a computer with one click, or a “kill switch”, if destructive malware is detected. This is why we think this is so important.”