UPDATED 16:39 EDT / SEPTEMBER 21 2023

SECURITY

From burnout to breakthrough: How managed detection and response elevates the security analyst experience

Security analysts play a critical role in the cybersecurity field. Some say they are the linchpin in the security operations center.

The security analyst experience is paramount, as analysts play an essential role in decision-making, applying processes and using technology to protect organizations from cybersecurity threats. They handle immense pressure, much like air traffic controllers, and often have to navigate complex, fast-moving situations that can lead to burnout if not managed well. To tame this challenge, CrowdStrike Holdings Inc.’s managed detection and response offers hands-on, end-to-end remediation that enhances security efficacy, making security analysts’ lives easier, according to Allie Mellen, principal analyst at Forrester Research Inc.

“I worked with a CISO who would frequently talk about security analysts, and he would jokingly, kind of half-jokingly, say that they had the worst job in the world,” Mellen said. “Those that have a [managed detection and response] service tend to understand analyst experience much better than those that don’t. They understand what needs to be done to help their analysts make decisions faster and so they can feed that back. It’s like a great product feedback loop to help improve the product over time.”

Mellen spoke with theCUBE industry analysts Lisa Martin and Dave Vellante at the Fal.Con event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the important role of security analysts and how their work experience can be enhanced using solutions provided by top security companies, including CrowdStrike. (* Disclosure below.)

How generative artificial intelligence is helping security analysts

Generative AI is proving to be a game-changer in many sectors, and it can make security analysts’ work easier by taking over tasks such as report writing. CrowdStrike is helping in this area, according to Mellen.

“We see a lot of vendors in this space looking at things like generative AI and their potential applications to improve this,” she stated. “Obviously, CrowdStrike made a lot of announcements around this with Charlotte AI, and I’m really excited about the potential here, both from the standpoint of things like reporting on incidents, making that a lot easier for the analysts so they don’t have to be writing reports all the time.”

Research on both the process and people sides is essential in cybersecurity because it plays an instrumental role in understanding the underlying technology, Mellen pointed out. For instance, it has come to the forefront that context switching is negatively affecting most security analysts.

“I’ve been with Forrester for a little over two and a half years, and I cover security operations,” Mellen said. “A lot of people think of Forrester, and they think of the technologies that they cover. In that case for me, it’s EDR, XDR, SIEM, SOAR and security analytics. We have data from thousands of security decision makers that says that investigation by far takes the longest. It’s not detection, it’s not response, it is the investigation and the trying to figure out what’s actually happening.”

CrowdStrike is evolving beyond being an endpoint-centric company. It is taking the expertise and domain knowledge gained from the endpoint and extending it to other telemetry for enhanced security operations, according to Mellen.

“They’re taking a much broader view and starting to look outside of the endpoint at other sources of telemetry, both that they own and then third party as well,” she explained. “I see this as a huge pivot point for the company, and I’m very, very excited to see where they take it next.”


(* Disclosure: CrowdStrike Inc. sponsored this segment of theCUBE. Neither CrowdStrike nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
