
The 'dream team' for future-proofing security operations

Article By Michael Sentonas, CrowdStrike vice president of technology strategy

It is no secret that even the most skilled and experienced IT security professionals struggle to maintain a full grasp of the threat landscape and of the threats currently in circulation.

Security Operations Centre (SOC) teams can face anywhere from 50 to 100,000 alerts a day, far more than can be sifted through and prioritised by hand. On top of this, real-time, proactive threat hunting remains a major challenge, as many organisations struggle to marshal the resources needed for continuous, around-the-clock monitoring.

The reality is that the threat landscape is changing rapidly, and SOCs must assemble their best teams to keep ahead of it. The right combination of technology, intelligence and people can make or break the security operations of businesses across Australia.

Technology

As a first step, rather than deploying a handful of point products and features to plug specific gaps in their security posture, SOCs need to build on platforms.

Companies often layer tool upon tool in the hope of keeping pace, but this "band-aid" approach does not keep attackers out for long and makes life harder for security operators over time.

Stitching together solutions that were never designed to work with one another increases complexity and can itself introduce weaknesses: every additional tool brings more administrators, more logins and more integrations, and each of those is another entry point that has to be defended.

Security leaders also need to remove communication delays between team members and between tools, which a platform-based approach makes possible by giving everyone one place to collaborate.

With one platform and one approach, SOCs can spend more of their time protecting their networks and less on piecemeal patching and layers of complexity.

Intelligence

Threat intelligence is critical to informing SOC detection capabilities and to prioritising alerts effectively. To operationalise it fully, SOCs need to identify their existing intelligence gaps and formulate a framework of intelligence priorities based on those gaps.

They must then bring their intelligence sources together and consolidate them, and develop a process for disseminating information internally so that the whole organisation is kept abreast of threats as they occur.

With a structure in place that prioritises and consolidates intelligence, SOCs can improve their response strategy, save time and strengthen their organisation's overall defence.
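The consolidation and prioritisation described above, as an added example that is not part of the article and not CrowdStrike's code. Two constructed intelligence feeds with different field names are normalised into one indicator table (highest confidence wins, tags and sources are unioned), and a set of constructed alerts is then ranked by severity plus the confidence, priority and corroboration of any matched indicator. The feed schemas, tag-based priority weights, scoring formula and alert records are all assumptions chosen for illustration; real feeds and alert pipelines will differ in format but not in the steps.

```python
"""Consolidate threat-intel feeds and use them to rank SOC alerts.

Added example, not code from the article or from CrowdStrike. Feed
formats, field names, priority weights and the scoring formula are
assumptions for illustration only.
"""
from dataclasses import dataclass, field

# Constructed sample feeds with deliberately different schemas.
FEED_A = [
    {"ioc": "198.51.100.23", "type": "ipv4", "confidence": 90, "tags": ["c2", "ransomware"]},
    {"ioc": "203.0.113.7", "type": "ipv4", "confidence": 40, "tags": ["scanner"]},
]
FEED_B = [
    {"indicator": "198.51.100.23", "kind": "ip", "score": 70, "labels": ["c2"]},
    {"indicator": "d41d8cd98f00b204e9800998ecf8427e", "kind": "md5", "score": 85, "labels": ["loader"]},
]

# Intelligence priorities expressed as tag weights (assumed). A SOC would
# derive these from its own gap analysis, e.g. "ransomware first".
PRIORITIES = {"ransomware": 30, "c2": 20, "loader": 10}

# Map each feed's type vocabulary onto one internal vocabulary.
TYPE_MAP = {"ipv4": "ip", "ip": "ip", "md5": "hash", "sha256": "hash"}


@dataclass
class Indicator:
    value: str
    kind: str
    confidence: int
    tags: set = field(default_factory=set)
    sources: set = field(default_factory=set)


def normalise(raw, source):
    """Translate one raw feed entry into an Indicator (schemas are assumed)."""
    if "ioc" in raw:  # FEED_A style
        return Indicator(raw["ioc"], TYPE_MAP[raw["type"]], raw["confidence"],
                         set(raw["tags"]), {source})
    return Indicator(raw["indicator"], TYPE_MAP[raw["kind"]], raw["score"],
                     set(raw["labels"]), {source})


def consolidate(feeds):
    """Merge named feeds into one table keyed by indicator value.

    Duplicate indicators keep the highest confidence seen and the union of
    their tags and sources, so corroboration across feeds is preserved.
    """
    table = {}
    for name, feed in feeds.items():
        for raw in feed:
            ind = normalise(raw, name)
            cur = table.get(ind.value)
            if cur is None:
                table[ind.value] = ind
            else:
                cur.confidence = max(cur.confidence, ind.confidence)
                cur.tags |= ind.tags
                cur.sources |= ind.sources
    return table


# Constructed alerts: severity 1 (low) to 5 (high) as assigned by the sensor.
ALERTS = [
    {"id": "a1", "severity": 3, "dst_ip": "203.0.113.7", "hash": None},
    {"id": "a2", "severity": 2, "dst_ip": "198.51.100.23", "hash": None},
    {"id": "a3", "severity": 5, "dst_ip": "192.0.2.10", "hash": None},
    {"id": "a4", "severity": 1, "dst_ip": None, "hash": "d41d8cd98f00b204e9800998ecf8427e"},
]


def score_alert(alert, table):
    """Return (score, matched indicators) for one alert.

    Score = severity * 10, plus for each matched indicator its confidence,
    the highest priority weight among its tags, and +10 if more than one
    source reported it. The weights are an assumption of this example.
    """
    score = alert["severity"] * 10
    matched = []
    for key in ("dst_ip", "hash"):
        value = alert.get(key)
        ind = table.get(value) if value else None
        if ind is None:
            continue
        matched.append(ind)
        score += ind.confidence
        score += max((PRIORITIES.get(t, 0) for t in ind.tags), default=0)
        if len(ind.sources) > 1:
            score += 10  # corroborated by more than one feed
    return score, matched


def triage(alerts, table):
    """Alert IDs ordered from most to least urgent."""
    ranked = sorted(((score_alert(a, table)[0], a["id"]) for a in alerts), reverse=True)
    return [alert_id for _, alert_id in ranked]


if __name__ == "__main__":
    intel = consolidate({"feed_a": FEED_A, "feed_b": FEED_B})
    for alert in ALERTS:
        print(alert["id"], score_alert(alert, intel)[0])
    print(triage(ALERTS, intel))
```

Note that the highest-severity alert (a3, severity 5) drops to the bottom of the queue because nothing in the consolidated intelligence corroborates it, while a low-severity alert against a ransomware command-and-control address reported by both feeds rises to the top. That reordering is the point of putting intelligence in front of the alert queue rather than working it by sensor severity alone.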

People

Another key component of successful threat intelligence, and of security operations as a whole, is the talent behind them. It is vital that SOC teams have skilled intelligence analysts who can review inbound intelligence and produce analysis that is relevant to the organisation.

As threats continue to advance and adversaries get faster and smarter, even the most advanced SOC teams will need to ensure they have 24/7 coverage.

The evolution of today's threats and adversary tactics means that organisations' cyber defences must evolve quickly and adopt future-proof methodologies that can stand up to an ever-changing landscape.

As SOC leaders look to drive operational effectiveness and enhance their team's productivity, proactive technology, intelligence and people will be critical to future-proofing every business. The power of this trio will enable the SOCs of the future to be more efficient and effective at stopping breaches.
