Crisis To Confidence With Partnership Of Cybersecurity & Digitization

Harsh Kaur, Regional Account Manager, Trend Micro; Founding Member, CyberGurukul; and ISACA Emerging Trends Working Group Member

What’s The Story?
According to a survey conducted by Frost & Sullivan, ‘Future-proofing Security Operations’ (2021), on an average day an infosec professional is bombarded with:
• Above 10k alerts, as per 71 percent of respondents
• 10-30 percent false positives, as experienced by two-thirds of respondents
• More than 20 discrete data sources to manage, according to 80 percent of respondents
• 50k-1 lakh (100,000) endpoints to manage, as indicated by one third of respondents

As a result, they face these pressing challenges:
• Only 25 percent of respondents feel confident of full visibility into their IT environments
• The majority struggle with a lack of cybersecurity expertise
• Only 8 percent are assured of having had no security incident in the previous year

Well, with geographical boundaries becoming history, this modern era has indeed witnessed a dramatic transformation in the digital and cybersecurity landscape. Our backdrop has changed from a managed, monitored and controlled environment to a remote, distributed and siloed culture. On the contrary, this has also pushed us to ponder some tough questions, like those below, that may also give us a reality check!

Has rapid digitization led threat actors to hit a new level of maturity? Or has it broken the false sense of safety of the traditional perimeter? Has the demise of decades-old technology been the need of the hour, or was it actually long overdue?

While our theories may differ, as security professionals and business leaders we are all entrusted with the extremely critical task of rethinking and reconstructing a cyber security strategy that can fight the burden of the 3 S’s: Siloed visibility, Sophisticated threats and Skill shortage.

The Road Ahead
How do we stitch multiple security alerts into one attack story?
- Can we get visualisation and unified visibility of the whole kill chain in real time?
- Can we quantify the cyber risk?
- How do we prioritize threats according to severity and business impact?
- And to sum up, how do we promote an always-connected defensive security posture?
Well, attacks don’t happen in silos, and we shouldn’t either. To get answers to such critical concerns, it is key that there be a partnership between cyber security and digitization, as well as a transformation from a product-based to a platform-centric security strategy on the road ahead.

One such example in action is MDR (Managed Detection and Response), or the next-gen SecOps platform, which embraces the capabilities of digitization to amplify security effectiveness many-fold and promises defence in depth for this borderless era by doing the following:
• Stitching alerts across IT vectors, i.e. endpoints, email, network and workloads, and converting multiple attacks into one attack story that can be monitored through a single console
• Leveraging the power of the cloud: a security data lake offers low-cost cloud data storage as well as scaling up security analytics intelligence
• Open APIs to integrate with third-party security tools for IoC sharing and unified visibility of the kill chain
• Using pre-built or customised incident response playbooks that automate response to threats and reduce MTTD (mean time to detect) and MTTR (mean time to respond)
• Leveraging generative AI that simplifies the SOC analyst experience and assists in making use of threat intel capabilities
• Incorporating multiple tools like XDR (Extended Detection & Response), SIEM (Security Information & Event Management) and SOAR (Security Orchestration, Automation & Response), and security approaches like Attack Surface Risk Management (ASRM), as part of a multi-vector and multi-layer cyber defence platform
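To make the “stitching” bullet above and the earlier question about prioritising by severity and business impact concrete, here is an added Python example (not from the article or from any vendor’s platform): it groups constructed alerts from the four vectors into attack stories by shared host, user or IoC, ranks each story by worst severity times an assumed asset-criticality score, and computes MTTD/MTTR from constructed case timestamps. Alert fields, asset scores and case times are all invented for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed sample alerts from four vectors, standing in for what a SecOps
# data lake would ingest (not vendor data). "sev" is analyst severity 1-5.
ALERTS = [
    {"id": 1, "vector": "email",    "host": "WS-17", "user": "asha",   "ioc": "invoice.pdf.exe", "sev": 3, "ts": "2024-03-04T09:00:00"},
    {"id": 2, "vector": "endpoint", "host": "WS-17", "user": "asha",   "ioc": "invoice.pdf.exe", "sev": 4, "ts": "2024-03-04T09:02:00"},
    {"id": 3, "vector": "network",  "host": "WS-17", "user": None,     "ioc": "203.0.113.9",     "sev": 2, "ts": "2024-03-04T09:05:00"},
    {"id": 4, "vector": "workload", "host": "DB-01", "user": "svc-bk", "ioc": "203.0.113.9",     "sev": 5, "ts": "2024-03-04T09:09:00"},
    {"id": 5, "vector": "endpoint", "host": "HR-03", "user": "ravi",   "ioc": "macro.docm",      "sev": 2, "ts": "2024-03-04T10:30:00"},
]
# Constructed ASRM-style business-impact score per asset (assumed, 1-5).
ASSET_IMPACT = {"WS-17": 2, "DB-01": 5, "HR-03": 3}
# Constructed case timeline: first alert id of a story -> (detected_at, contained_at).
CASES = {1: ("2024-03-04T09:10:00", "2024-03-04T09:40:00"),
         5: ("2024-03-04T10:45:00", "2024-03-04T11:05:00")}

def stitch(alerts):
    """Group alerts that share any entity (host, user or IoC) into attack stories."""
    stories = []  # each: {"entities": set of (type, value), "alerts": list}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        ents = {(k, a[k]) for k in ("host", "user", "ioc") if a[k]}
        hits = [s for s in stories if s["entities"] & ents]
        merged = {"entities": ents, "alerts": [a]}
        for s in hits:  # an alert bridging two stories merges them into one
            stories.remove(s)
            merged["entities"] |= s["entities"]
            merged["alerts"] = s["alerts"] + merged["alerts"]
        stories.append(merged)
    return [sorted(s["alerts"], key=lambda a: a["ts"]) for s in stories]

def priority(story):
    """Rank a story by worst severity times the most critical asset it touches."""
    return max(a["sev"] for a in story) * max(ASSET_IMPACT.get(a["host"], 1) for a in story)

def mttd_mttr(stories, cases):
    """Mean minutes from first alert to detection (MTTD) and detection to containment (MTTR)."""
    t = datetime.fromisoformat
    detect, respond = [], []
    for s in stories:
        det, con = cases[s[0]["id"]]
        detect.append((t(det) - t(s[0]["ts"])).total_seconds() / 60)
        respond.append((t(con) - t(det)).total_seconds() / 60)
    return mean(detect), mean(respond)

if __name__ == "__main__":
    for s in sorted(stitch(ALERTS), key=priority, reverse=True):
        print(priority(s), [a["vector"] for a in s])
```

The phishing email, the resulting endpoint detection, the outbound connection and the database workload alert collapse into one story ranked 25, while the unrelated macro alert stays a separate story ranked 6.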

Another interesting buzzword in action is SSE, or Security Service Edge: the modern framework that offers security of the cloud, on the cloud and by the cloud. By converging the capabilities of data protection and threat protection, SSE:

• Promises consistent and simple web, private access and SaaS application security
• Moves security closer to the user
• And delivers an integrated security stack of CASB (Cloud Access Security Broker), SWG (Secure Web Gateway) and ZTNA (Zero Trust Network Access)

As defenders, we are currently witnessing such varied, interesting platform stories and security trends to combat advanced malware and exploits. While we are at the nascent stage of adoption and the journey ahead is long, tricky and cumbersome, one thing is for sure: we will sail through this current crisis to confidence through the partnership of cybersecurity and digitization.