The 'dream team' for future-proofing security operations

29 Aug 17

Article By Michael Sentonas, CrowdStrike vice president of technology strategy

It’s no secret that even the most skilled and experienced of IT security professionals struggle to maintain a full grasp of the cybersecurity threat landscape and the most current threats.

Security Operations Centre (SOC) teams can face anywhere from 50 to 100,000 threat alerts a day, which is overwhelming to sift through and prioritise. On top of this, real-time, proactive threat hunting continues to be a major challenge, as many organisations struggle to marshal the resources needed for continuous, around-the-clock monitoring.

The reality is that the modern-day threat landscape is changing rapidly, and SOCs must assemble their best teams to combat this and stay ahead. The right combination of technology, intelligence and people can make or break the security operations of businesses across Australia.

Technology

As a first step, rather than employing a small number of point products and features to plug specific gaps in their security posture, SOCs need to leverage platforms.

Often companies opt to layer tool upon tool in their cybersecurity arsenal in the hope of keeping pace, but unfortunately this "band-aid" methodology is not capable of keeping hackers away for long and can make life harder for security operators in the long run.

Patching together incompatible solutions increases complexity and even heightens security vulnerabilities: every additional tool adds more people and more logins, and therefore more vulnerability, to the mix.

In addition, security leaders need to remove communication delays between team members and tools, enabling streamlined collaboration through a platform-based approach.

With one platform and one approach, SOCs can focus more time on protecting their networks, instead of dealing with piecemeal patching, layers of complexity, and more.

Intelligence

Threat intelligence is critical in informing the detection capabilities of SOC teams and enabling them to effectively prioritise alerts. In order to fully operationalise threat intelligence, SOCs need to identify existing intelligence gaps and formulate a framework of intelligence priorities based on these gaps.

Further to this, they must incorporate and consolidate intelligence sources and develop a process for effectively disseminating information internally to keep the entire organisation abreast of threats as they occur.

With a structure in place that prioritises and consolidates intelligence, SOCs can improve upon their response strategy, saving themselves time and enhancing their organisation’s overall defence.

People

Another key component for the successful deployment of threat intelligence and overall security operations is the talent behind it. It is vital that SOC teams have skilled intelligence analysts who can review inbound intelligence and produce relevant analysis for the organisation.

As threats continue to advance and adversaries get faster and smarter, even the most advanced SOC teams will need to ensure they have 24/7 coverage.

The evolution of today's threats and adversary tactics mandates that the cyber defence used in organisations must evolve quickly and leverage future-proof methodologies that can stand up to the ever-changing landscape.

As SOC team leaders look to drive operational effectiveness and enhance the productivity of their team, proactive technology, intelligence and people will be critical to future-proofing every business. The power behind this trio will enable the SOCs of the future to be more efficient and effective at stopping breaches.