A Collaborative Approach to Cybersecurity: Beyond ISACs

From Facebook and Marriott's Starwood hotels to Google+ and T-Mobile, 2018 saw data breaches compromise the sensitive personal identifying information (PII) of millions of people around the world. Seemingly every week last year, a new company had to notify its customers and the public that its systems had been breached, customer data may have been compromised and PII could be impacted.

Industry leaders agree that security threats and cyber attacks are only growing in scope and intensity. The continued adoption and popularity of Internet of Things (IoT) devices and cloud computing present new challenges and security risks for already understaffed and overworked security operations centers (SOCs). And while bad actors are maturing, the security skills gap is growing wider and more severe.

So, how can we learn from the breaches of 2018 and bolster the security industry through 2019 and beyond? Through a new approach to security. As ESG and countless others have reported, the security industry isn't getting talent fast enough, which means SOCs need to do more with less. Automation and collaboration could help them do that -- and perhaps even level the playing field.
Cybersecurity skills shortage

A lack of trained personnel exacerbates the already difficult task of managing cybersecurity risks, and the shortage of security skills leaves organizations increasingly vulnerable to bad actors. For many companies, overburdened and understaffed security teams perform time-consuming tasks such as integration and analysis manually, causing them to focus on security silos (more on that in a minute) rather than the big-picture threat environment. Because many organizations lack the necessary resources and security staff to handle the constantly growing number of alerts, many threats are left uninvestigated.

From the labor shortage to the ever-evolving threat landscape, organizations can only investigate 56% of the security alerts they receive on a given day, according to Cisco's 2017 Security Capabilities Benchmark Study. Just half of the investigated alerts (28%) are deemed legitimate, and less than half (46%) of legitimate alerts are actually remediated. In addition, 44% of security operations managers see more than 5,000 security alerts per day, making effective cybersecurity unmanageable.

In short, cybersecurity professionals are outnumbered, and the projected shortage of qualified professionals only compounds the issue. Working together to reduce the number of labor-intensive security practices and the number of tools necessary to triage, investigate and resolve security alerts is vital. We're in this fight together and will sink or swim based on our ability to collaborate to secure our digital future.
Collaboration as a necessity

Today, too many IT and security teams integrate myriad tools and disparate security solutions to protect their infrastructure and most critical data. From access control and endpoint protection to monitoring and incident response, many organizations have deployed security solutions in different areas of the networked ecosystem that require individual management, rather than integrated solutions. Consequently, getting every security component to work together efficiently and protect against cyber attacks poses significant challenges and opens the door for bad actors to cause harm.

Today's sophisticated attack strategies often take advantage of vulnerabilities posed by organizations with institutionalized controls and inflexible responsibilities that isolate personnel and restrict resources to teams with specific silos of responsibility. As a result of siloed security solutions, security teams are forced to jump from platform to platform, gathering all of the information required to ameliorate any threats. Threat intelligence is isolated, and detecting the increasingly sophisticated threats requires a manual process that most organizations simply do not have the time or resources to support. This fractured infrastructure allows hackers to hide in the gaps between control systems.

Collaborative SOCs are communities that share information and use cases on how to identify and defend against cyber attacks, helping protect valuable customer information. This collaborative focus takes SOCs beyond the Information Sharing and Analysis Centers (ISACs) and indicators of compromise to embracing common standards and protocols collectively to achieve more comprehensive and resilient cybersecurity.
To gain leadership in cybersecurity and transform it from a concern to an opportunity, everyone in the industry, not just collaborative SOCs and ISACs, must work together to share intelligence, best practices and lessons learned amongst a network of trusted peers. Beyond sharing information, security communities should also consider collaborating on research to better identify and counter specific threats. When we work together, we're stronger in our defense against cyber threats, so the private and public sector's best and brightest are needed to collaborate and address the increasing cybersecurity threats.
Automation to unlock collaboration

Automation technologies -- such as security orchestration, automation and response (SOAR) solutions -- are making such an impact because of the increased operational effectiveness they drive within an organization's SOC. When seamlessly integrated with an organization's people, processes and technologies, automation can help prevent successful cyber attacks and encourage collaboration across security silos. Beyond furnishing security teams with the resources they need, SOAR technologies create a more streamlined method for detecting and responding to cyber threats, which only bolsters collaboration.

When we work together to secure our collective digital future, we leverage our shared resources and our combined skills and expertise to increase the effectiveness of our collective SOCs. Ultimately, collaboration can help your organization conserve resources, which is good for both the bottom line and your overall security posture.

Through the automation of containment and analysis, for example, security teams can quickly make a decision based on automated investigations. No more manual mistakes. No more missed threats. No longer is your security team responding to alerts too slowly to take effective action. Not only do SOAR technologies significantly speed time to resolution, they free up security operations teams to focus on more complicated and critical issues that require thoughtful solutions.

In the end, data breaches are not going away, and as the threat of cyber attacks continues to grow in the new year, organizations need to reconsider how they approach security in 2019. Stop worrying about embarrassment to your company and start collaborating with others. The scarcity of human resources in the cybersecurity industry signals the need for both collaboration and security orchestration, automation and response technologies to break down security silos and secure the world's digital future.
SOAR improves the value of security teams and better protects organizations' most sensitive data by empowering security operations teams with easy and optimized decision-making capabilities. Teams are liberated to do more thoughtful work, which enables better, faster and more effective security operations. As IT infrastructures continue growing, securing them will continue being a significant challenge for any business in any industry, but collaboration is the best solution for preventing successful cyber attacks.

— Cody Cornell is CEO and founder of Swimlane.
Copyright © 2019 Light Reading, part of Informa Tech, a division of Informa PLC. All rights reserved.