Cybersecurity is hot. Whether it’s because of claims of a complex web of nation-state cyber hacking that have permeated the airwaves for months, or because Elliot Alderson makes hacking look so cool and simple, it seems everyone’s shifting focus to the next “really big thing” in tech. Plenty of funding and a whole lot of M&A bolster huge growth in cybersecurity, and a recent study also claims being a security analyst is a cushy career choice.

It’s true that these well-paying jobs are in high demand, but if you ask people who actually do the day-to-day work of forensic investigations, they’ll tell you it’s much less glamorous than it seems on TV. Days are long, caseloads are heavy, tasks are monotonous and tedious, and expectations are high. The good news, though, is that as the industry grows and technology matures, incident investigations don’t have to be a drag.

Visualize Events for Better Situational Awareness

Thanks to the consumerization of enterprise software, a lot of focus is being put on the aesthetics and usability of administrative interfaces. In fact, according to the usability and user experience blog UsabilityGeek, a 2015 PwC report found that nearly 75% of the 2,000 global executives surveyed said user experience mattered to them. Although somewhat late to the game, innovations at the presentation layer of security products have started changing how analysts use and interact with the data these products provide.

Datasets are moving away from tired pie charts and line graphs to sophisticated designs that present data based on relevancy to a task or the user’s situation. Forward-thinking vendors are taking innovations a step further, with some even allowing users to choose a presentation style that best suits their individual needs. That could be anything from raw data to 3D modeling or virtual representations of huge data sets.

These new ways of seeing and experiencing security aren’t just exciting because they’re on the bleeding edge; they’re important because they provide analysts and threat hunters with better situational awareness. If they can quickly scan a visualization and know immediately and intuitively what’s going on in their environment, they can be better prepared to take action or to find the root cause of a threat.

Work With High-Quality Evidence

When it comes to forensics, analysts look for both quantity and quality. Until recently, security products limited an organization’s ability to deliver either because doing so involved on-premises hardware that was neither time- nor cost-efficient to manage. The scalability, power, and affordability of the cloud have removed that barrier, making it possible for organizations to retain data sets of virtually infinite size at high fidelity.

What that means for analysts is that they can access a tremendous body of forensic evidence and execute complex queries on it that are only possible using the limitless power of the cloud. Data from multiple sources can now be correlated, giving analysts unprecedented visibility into, and context around, the minute details of security events, enabling them to launch and complete investigations in record time.
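The correlation step described above, as an added example that is not part of the original article: an IDS alert carries only a source IP, which on a DHCP network tells the analyst nothing until it is tied to the host that held that lease at the moment of the alert and to the user logged on to that host. The alert, lease and logon records below are constructed sample data, and the field names and the 12-hour logon window are assumptions for the example.

```python
"""Correlate IDS alerts with DHCP lease history and logon events (constructed data)."""
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed IDS alerts: only a source IP and a signature name.
ALERTS = [
    {"ts": "2017-03-01T10:15:00", "src_ip": "10.0.5.23", "signature": "ET MALWARE Known CnC Beacon"},
    {"ts": "2017-03-01T23:40:00", "src_ip": "10.0.5.23", "signature": "ET POLICY Outbound FTP"},
    {"ts": "2017-03-01T11:00:00", "src_ip": "10.0.9.99", "signature": "ET SCAN Nmap"},
]

# Constructed DHCP lease history: the same IP is handed to two hosts on one day.
LEASES = [
    {"ip": "10.0.5.23", "host": "wks-0412", "start": "2017-03-01T08:00:00", "end": "2017-03-01T20:00:00"},
    {"ip": "10.0.5.23", "host": "lab-test7", "start": "2017-03-01T22:00:00", "end": "2017-03-02T06:00:00"},
]

# Constructed interactive logon events from the domain controller.
LOGONS = [
    {"host": "wks-0412", "user": "jdoe", "ts": "2017-03-01T07:55:00"},
    {"host": "lab-test7", "user": "svc_build", "ts": "2017-03-01T21:30:00"},
]


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def host_for(ip: str, at: datetime, leases: List[Dict] = LEASES) -> Optional[str]:
    """Host that held `ip` at time `at`, or None when no lease covers that instant."""
    for lease in leases:
        if lease["ip"] == ip and _t(lease["start"]) <= at <= _t(lease["end"]):
            return lease["host"]
    return None


def user_for(host: str, at: datetime, logons: List[Dict] = LOGONS,
             window: timedelta = timedelta(hours=12)) -> Optional[str]:
    """Most recent logon on `host` that happened within `window` before `at` (assumed window)."""
    best = None
    for ev in logons:
        ts = _t(ev["ts"])
        if ev["host"] == host and ts <= at and at - ts <= window:
            if best is None or ts > _t(best["ts"]):
                best = ev
    return best["user"] if best else None


def correlate(alerts: List[Dict] = ALERTS, leases: List[Dict] = LEASES,
              logons: List[Dict] = LOGONS) -> List[Dict]:
    """Enrich each alert with the host and user it resolves to at alert time."""
    enriched = []
    for a in alerts:
        at = _t(a["ts"])
        host = host_for(a["src_ip"], at, leases)
        user = user_for(host, at, logons) if host else None
        enriched.append({**a, "host": host, "user": user})
    return enriched


def pivot_by_user(enriched: List[Dict]) -> Dict[Optional[str], List[str]]:
    """Group alert signatures by attributed user; the None key collects unattributed alerts."""
    out: Dict[Optional[str], List[str]] = {}
    for e in enriched:
        out.setdefault(e["user"], []).append(e["signature"])
    return out


if __name__ == "__main__":
    for e in correlate():
        print(f'{e["ts"]} {e["src_ip"]:<10} -> host={e["host"]} user={e["user"]}: {e["signature"]}')
```

The point of the time-bounded join is visible in the first two alerts: the same address resolves to two different hosts and users because the lease changed hands between them, which a naive IP-to-host lookup table would get wrong. The third alert stays unattributed rather than being guessed.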

Perform Faster With Technology Integrations

The technology that security analysts use has changed dramatically in just a few years’ time. Point products that perform one function are the state of the art in security today. This presents a tremendous challenge when as many as 70 of them are in use within a single organization at a time.

The best tools provide well-documented APIs or SDKs that enable integration between them to make security stacks perform even better. For example, when an Intrusion Detection System (IDS) detects a security event, orchestration can take automatic actions like opening a ticket to notify the appropriate teams, updating a dynamic block list on a firewall or network device, or remediating an affected endpoint. Instead of having to access each console manually, technology integrations ease the workload for busy analysts and threat hunters so they can focus on investigations.
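The orchestration flow in that example, written out as an added illustration rather than code from the article or any vendor: an IDS alert is routed to the three follow-up actions the text names (ticket, block list, endpoint remediation), with the guards a playbook needs so that it does not block the organisation's own resolver or isolate a host over a low-severity policy hit. The `Connectors` class only records what would be called; in a real stack each method would wrap that product's API. The internal address ranges, the allow list, the severity ranks and the alert layout are all assumptions for the example.

```python
"""Toy orchestration playbook: route an IDS alert to ticketing, blocking and remediation."""
import ipaddress
from typing import Dict, List, Optional

# Assumed: the organisation's own address space. Alerts decide "internal vs external" by this,
# not by ipaddress.is_private(), which also flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Constructed allow list: addresses that must never land on a block list (resolvers, partners).
NEVER_BLOCK = {"8.8.8.8", "10.0.0.53"}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample alerts in a trimmed EVE-like layout.
SAMPLE_ALERTS = [
    {"signature": "ET MALWARE Known CnC Beacon", "severity": "critical", "category": "malware",
     "src_ip": "10.0.5.23", "dest_ip": "203.0.113.7"},
    {"signature": "ET POLICY Outbound FTP", "severity": "low", "category": "policy",
     "src_ip": "10.0.5.23", "dest_ip": "198.51.100.9"},
    {"signature": "ET DNS Query to Public Resolver", "severity": "high", "category": "policy",
     "src_ip": "10.0.7.8", "dest_ip": "8.8.8.8"},
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


class Connectors:
    """Stand-in for the ticketing, firewall and endpoint-agent integrations: records actions only."""

    def __init__(self) -> None:
        self.actions: List[Dict] = []

    def open_ticket(self, alert: Dict, queue: str) -> None:
        self.actions.append({"action": "ticket", "queue": queue, "summary": alert["signature"]})

    def block_ip(self, ip: str) -> None:
        self.actions.append({"action": "block", "ip": ip})

    def isolate_host(self, ip: str) -> None:
        self.actions.append({"action": "isolate", "host_ip": ip})


def run_playbook(alert: Dict, connectors: Optional[Connectors] = None) -> List[Dict]:
    """Apply the playbook to one alert and return the ordered list of actions taken."""
    c = connectors or Connectors()
    sev = SEVERITY_RANK.get(alert.get("severity", "low"), 1)
    peers = (alert["src_ip"], alert["dest_ip"])

    # 1. Every alert becomes a ticket; high and critical go straight to tier 2.
    c.open_ticket(alert, "soc-tier2" if sev >= 3 else "soc-tier1")

    # 2. Push the external peer onto the dynamic block list for high+ alerts, honouring the allow list.
    if sev >= 3:
        for ip in peers:
            if not is_internal(ip) and ip not in NEVER_BLOCK:
                c.block_ip(ip)

    # 3. Isolate the internal endpoint only for critical malware alerts; anything less is left to the analyst.
    if sev >= 4 and alert.get("category") == "malware":
        for ip in peers:
            if is_internal(ip):
                c.isolate_host(ip)
    return c.actions


if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a["signature"])
        for act in run_playbook(a):
            print("   ", act)
```

The guards are where the design lives: the allow list keeps a misfiring rule from cutting off the resolver for the whole site, and isolation is gated on both severity and category so a bad severity mapping alone cannot trigger endpoint remediation.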

Shift From Reactive to Proactive

Responding to threats reactively is still a fact of life, but many security teams now realize the best defense is actually a good offense. In a recent SANS survey, 86% of respondents said their organizations engage in proactive threat hunting, a human-focused endeavor where analysts actively seek out threats that may not have been caught by detection systems.

Threat hunters spend their time exploring an organization’s network, historical data, and threat analysis to discover potential indicators of compromise. Many of these hunts begin as open-ended investigations – hunches or theories with leads based on an analyst’s intuition, intelligence, and experience.
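A hunt of the kind described above, as an added example that is not part of the original article: the hunter starts from a hypothesis (document and mail applications have no business spawning command interpreters), then stacks historical process-creation records across the fleet so that parent/child pairs seen on only a handful of hosts surface, and finally intersects the rare pairs with the hypothesis to get a short list of hosts to pivot into. The records, the three-host "fleet", the application lists and the rarity threshold are all constructed assumptions for the example.

```python
"""Hypothesis-driven hunt over historical process-creation records using frequency stacking."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed history: (host, parent image, child image) from endpoint telemetry.
RECORDS = [
    ("wks-01", "explorer.exe", "outlook.exe"),
    ("wks-02", "explorer.exe", "outlook.exe"),
    ("wks-03", "explorer.exe", "outlook.exe"),
    ("wks-01", "explorer.exe", "chrome.exe"),
    ("wks-02", "explorer.exe", "chrome.exe"),
    ("wks-03", "explorer.exe", "chrome.exe"),
    ("wks-01", "services.exe", "svchost.exe"),
    ("wks-02", "services.exe", "svchost.exe"),
    ("wks-03", "services.exe", "svchost.exe"),
    ("wks-01", "cmd.exe", "ping.exe"),              # rare, but outside the hypothesis
    ("wks-03", "WINWORD.EXE", "powershell.exe"),    # rare and matches the hypothesis
    ("wks-03", "winword.exe", "powershell.exe"),    # repeat on the same host still counts as one host
]

# Hunt hypothesis (assumed lists): document/mail readers should not launch interpreters.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}

Pair = Tuple[str, str]


def stack(records: List[Tuple[str, str, str]]) -> Dict[Pair, Set[str]]:
    """Map each (parent, child) pair to the set of hosts it was observed on (case-folded)."""
    pairs: Dict[Pair, Set[str]] = defaultdict(set)
    for host, parent, child in records:
        pairs[(parent.lower(), child.lower())].add(host)
    return pairs


def rare_pairs(records: List[Tuple[str, str, str]], max_hosts: int = 1) -> List[Pair]:
    """Pairs seen on at most `max_hosts` hosts: the long tail a hunter reviews by hand."""
    return sorted(p for p, hosts in stack(records).items() if len(hosts) <= max_hosts)


def hunt(records: List[Tuple[str, str, str]], max_hosts: int = 1) -> List[Dict]:
    """Rare pairs that also satisfy the hypothesis, with the hosts to pivot into next."""
    hits = []
    for (parent, child), hosts in stack(records).items():
        if len(hosts) <= max_hosts and parent in DOCUMENT_APPS and child in INTERPRETERS:
            hits.append({"parent": parent, "child": child, "hosts": sorted(hosts)})
    return sorted(hits, key=lambda h: (h["parent"], h["child"]))


if __name__ == "__main__":
    print("rare pairs:", rare_pairs(RECORDS))
    print("hunt hits: ", hunt(RECORDS))
```

Counting hosts rather than raw events is deliberate: one noisy machine repeating a pair a thousand times should not make it look common, and a pair that is rare across the fleet is exactly the lead a hunch-driven investigation wants to chase even when no detection rule fired.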

This strategy is paying off according to 74% of respondents in the SANS survey, who say they’ve reduced their attack surface as a result of threat hunting efforts. The benefits of threat hunting aren’t just enjoyed by the enterprise, though. This shift to a proactive defense strategy is a game changer for security analysts.

Rather than spending their days gathering evidence to investigate an incident that’s already occurred, a chore that can be monotonous and tedious at times, a threat hunter’s job is like playing a game. It’s literally an epic battle between white hats and black hats played out across an often murky technological landscape.

Who wouldn’t want a job like that?