
The 'dream team' for future-proofing security operations

29 Aug 2017

Article By Michael Sentonas, CrowdStrike vice president of technology strategy

It’s no secret that even the most skilled and experienced of IT security professionals struggle to maintain a full grasp of the cybersecurity threat landscape and the most current threats.

Security Operations Centre (SOC) teams can face anywhere from 50 to 100,000 threat alerts a day, a volume that is overwhelming to sift through and prioritise. On top of this, real-time, proactive threat hunting remains a major challenge, as many organisations struggle to marshal the resources needed for continuous, around-the-clock monitoring.

The reality is that the modern-day threat landscape is changing rapidly, and SOCs must assemble their best teams to combat it and stay ahead. The right combination of technology, intelligence and people can make or break the security operations of businesses across Australia.

Technology

As a first step, rather than employing a small number of point products and features to plug specific gaps in their security posture, SOCs need to leverage platforms.

Often companies layer tool upon tool in their cybersecurity arsenal in the hope of keeping pace, but this "band-aid" methodology does not keep attackers out for long and makes life harder for security operators in the long run.

Patching together incongruent solutions increases complexity and widens the attack surface: every additional tool brings more operators, more accounts and logins, and more integrations that must themselves be secured and monitored.

In addition, security leaders need to remove communication delays between team members and tools, enabling streamlined collaboration through a platform-based approach.

With one platform and one approach, SOCs can spend more time protecting their networks and less time reconciling piecemeal tools and the layers of complexity they bring.

Intelligence

Threat intelligence is critical in informing the detection capabilities of SOC teams and enabling them to prioritise alerts effectively. To fully operationalise threat intelligence, SOCs need to identify their existing intelligence gaps and formulate a framework of intelligence priorities based on those gaps.

Further to this, they must incorporate and consolidate intelligence sources and develop a process for effectively disseminating information internally to keep the entire organisation abreast of threats as they occur.

With a structure in place that prioritises and consolidates intelligence, SOCs can improve upon their response strategy, saving themselves time and enhancing their organisation’s overall defence.
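The consolidation and prioritisation described above can be made concrete in code. The following is an added example, not CrowdStrike's code or any product's logic: it merges two constructed intelligence feeds into a single indicator index (keeping the highest confidence and the union of sources for duplicates) and then re-ranks a handful of constructed alerts so that a low-severity tool alert matching a corroborated indicator outranks a high-severity alert with no intel context. The feed format, the severity weights and the corroboration bonus are all assumptions chosen for illustration.

```python
"""Consolidate several threat-intel feeds into one indicator index and use it
to rank SOC alerts. Added example, not CrowdStrike code; the feeds, alerts and
scoring weights below are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Indicator:
    value: str                       # IP, domain or hash, normalised to lower case
    kind: str                        # "ip" | "domain" | "sha256"
    confidence: int                  # 0-100, as reported by the feed
    sources: set = field(default_factory=set)
    tags: set = field(default_factory=set)


# Constructed feeds: the two sources overlap on one indicator with different confidence.
FEED_A = [
    {"value": "198.51.100.23", "kind": "ip", "confidence": 80, "tag": "c2"},
    {"value": "Evil-Update.example", "kind": "domain", "confidence": 60, "tag": "phishing"},
]
FEED_B = [
    {"value": "198.51.100.23", "kind": "ip", "confidence": 95, "tag": "c2"},
    {"value": "203.0.113.9", "kind": "ip", "confidence": 40, "tag": "scanner"},
]


def consolidate(feeds):
    """Merge named feeds into one index keyed by indicator value.

    A duplicate indicator keeps the highest confidence seen and the union of
    sources and tags, so one corroborated indicator can outrank several
    single-source ones."""
    index = {}
    for name, feed in feeds.items():
        for rec in feed:
            key = rec["value"].lower()
            ind = index.setdefault(key, Indicator(key, rec["kind"], 0))
            ind.confidence = max(ind.confidence, rec["confidence"])
            ind.sources.add(name)
            ind.tags.add(rec["tag"])
    return index


# Assumed base weights for the severity the detecting tool assigned.
SEVERITY_WEIGHT = {"low": 10, "medium": 30, "high": 50}


def score_alert(alert, index):
    """Base score from tool severity, boosted by each matching indicator's
    confidence plus 20 per additional corroborating source (assumed bonus)."""
    score = SEVERITY_WEIGHT.get(alert["severity"], 0)
    hits = []
    for obs in alert["observables"]:
        ind = index.get(obs.lower())
        if ind:
            score += ind.confidence + 20 * (len(ind.sources) - 1)
            hits.append(ind)
    return score, hits


def prioritise(alerts, index):
    """Return alerts highest score first, annotated with score and matched indicators."""
    ranked = []
    for alert in alerts:
        score, hits = score_alert(alert, index)
        ranked.append({**alert, "score": score, "intel": sorted(h.value for h in hits)})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


# Constructed alerts: A1 is "high" with no intel match, A2 is "low" but hits a
# corroborated C2 address, A3 is "medium" and hits two single-source indicators.
ALERTS = [
    {"id": "A1", "severity": "high", "observables": ["10.0.0.5"]},
    {"id": "A2", "severity": "low", "observables": ["198.51.100.23"]},
    {"id": "A3", "severity": "medium", "observables": ["evil-update.example", "203.0.113.9"]},
]


if __name__ == "__main__":
    idx = consolidate({"feed_a": FEED_A, "feed_b": FEED_B})
    for r in prioritise(ALERTS, idx):
        print(r["id"], r["score"], r["intel"])
```

The point of the example is the ordering it produces: both intel-matched alerts are pushed above the high-severity alert that no feed knows anything about, which is exactly the triage effect the article attributes to operationalised intelligence. In practice the index would be rebuilt as feeds refresh and the weights tuned to the organisation's own intelligence priorities.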

People

Another key component for the successful deployment of threat intelligence and overall security operations is the talent behind it. It is vital that SOC teams have skilled intelligence analysts who can review inbound intelligence and produce relevant analysis for the organisation.

As threats continue to advance and adversaries get faster and smarter, even the most advanced SOC teams will need to ensure they have 24/7 coverage.

The evolution of today’s threats and adversary tactics mandates that the cyber defence used in organisations must evolve quickly and leverage future proof methodologies that can stand up to the ever-changing landscape.

As SOC team leaders look to drive operational effectiveness and enhance the productivity of their teams, proactive technology, intelligence and people will be critical to future-proofing every business. The power of this trio will enable the SOCs of the future to be more efficient and effective at stopping breaches.
