“I changed jobs and they didn’t have ATA, so I was back to working with a SIEM spitting out a gazillion alerts. It was like going to a company that didn’t have email.”
--ATA user after moving to an MSSP without ATA
The rise and fall of technology comes at such a rapid pace these days that we often make the mistake of thinking “things have always been this way” when, really, they haven’t. For example, those of us of “a certain age” remember when email replaced faxes and the U.S. Postal Service. We also remember when executives didn’t know how to type (the PC forced them to learn), and when researching a subject required a trip to the library. We even remember when, if you were lucky, your office had a few clunky mobile phones that employees could share when on business trips.
And yet today, we take the PC, email, internet and smartphones for granted. But when they were first rocketing up the adoption curve, these technologies created brief moments of technological disparity where the business world became a landscape of “haves” and “have nots.” (The existence of a typing pool, for example, was a clear indicator of a “have not” during the PC’s ascent.)
As an employee, moving between such companies could mean either rocketing into the future, or lapsing into the past. As our customer said in the quote that starts this post, imagine if you’d fully adopted email at one company, and then moved to another company that still relied on fax and physical letters? Most likely, you’d become disillusioned with your “have not” environment in fairly short order.
In the security world, incident responders are experiencing this same phenomenon. They move from one company that has implemented technology (like, ahem, ATA) that cleanses false positives from its SIEM, and one that has not, and it’s like lapsing back into the days of shared mobile phones and typing pools.
In the world of technology, there is a very short fuse for being a “have not.” If you don’t adopt the technology of the “haves” very quickly, it will lead to profound competitive issues as your competition becomes more efficient and effective across every dimension – from operations to employee morale. What’s your situation? Do you work for a “have” or a “have not”?