CISOs are born leaders. The role of a Chief Information Security Officer is not easy, and there are a number of challenges for CISOs to address related to infrastructure, the existing security portfolio and the adoption of innovative and incisive technologies. As the number of threats keeps growing, be it ransomware, targeted attacks aimed at stealing the most sensitive data, or sophisticated malware tiptoeing around implemented security measures, the CISO’s goals are not easily achieved. Careful planning is needed to meet the growing demands, keep the enterprise secure throughout the year, and get a good return on investment.
When it comes to upgrading a solution, a whole lot of questions arise that outline and define the nature of the solution to be placed within the enterprise. One of these questions revolves around the combined flexibility of a solution. In our experience at Cyberbit, we have observed general trends and obstacles commonly found within enterprises that determine whether a technology is adopted into their portfolio.
SOC Flexibility – Blending with Existing Technologies
Over the long term, CISOs invest and reinvest in solutions that provide problem-solving capabilities and strengthen their overall security posture by adding a ‘new brick to the wall’ to solve an unmet need or improve operational efficiency. When it comes to procurement of new technologies, it is important that each one either supplements or complements some of the native products for optimum utilization. How a new technology will fit in and work together with the existing solutions is an important criterion when deciding whether to introduce it into the security basket. The technologies already implemented in the SOC have been carefully tweaked, and numerous hours have been put into calibration, on top of the monetary cost. Some of the existing technologies, such as SIEM (Security Information and Event Management), have become a cornerstone of security operations. Introducing a modern technology must be a well-considered decision, making sure it will indeed fill the missing brick in the wall without adversely affecting the usability of the technologies already in the portfolio.
SOC Flexibility to Solve Unknowns
As the threat landscape expands and the number of unknowns rises, traditional technologies begin to fall short and fail to detect the latest attacks. So CISOs are constantly looking for sharp new technologies to address and solve these new vulnerabilities. They seek solutions that help improve detection of unknowns, advanced threat detection, threat hunting across a broad range of collected data, SOC efficiency, and security awareness and skill development. If the modern technology speaks a new language or has difficulty communicating with existing technologies, there is a serious risk of information loss, making it imperative to select technologies that easily integrate and communicate with the technologies already deployed in the SOC.
SOC Flexibility in Actions and Response in a Sequence
The problem of low SOC efficiency has become critical. The mounting pressure of new, sophisticated attack types, growing alert volumes and the multitude of security tools in place has made it nearly impossible for the SOC to keep pace with incoming threats. These pressures spurred the invention of next-generation Security Automation and Orchestration (SOAR) platforms that leverage automation to carry out response procedures according to the specific incident type. SOAR technology should clearly visualize the ongoing automated tasks so that SOC analysts have a clear understanding of the remediation stage, while at the same time allowing for flexibility. One CISO of a large financial institution described the need for flexibility, stating that the “ability to change the sequence of tasks should be fairly simple and should not require extensive effort to make changes and deploy”.
SOC Flexibility in Analyst Knowledge Transfer
The global cybersecurity talent shortage is waxing, and the pool of available SOC analysts continues waning. In most companies, SOC analyst turnover is very high, and each time a team member leaves he or she takes their knowledge and experience of operating the SOC with them. This means that SOC flexibility in terms of knowledge transfer and retention is very important. The knowledge regarding mitigation of incidents, processes and technology should be shared effectively between all analysts. Analysts tend to gain a lot of knowledge and experience that is often specific to their operations and processes. If this knowledge and experience isn’t effectively transferred between analysts, it can significantly slow down incident response time and damage SOC efficiency and maturity.
The role of the CISO is constantly evolving, and there is a perpetual need to adopt new, advanced technologies to keep pace with threats despite the skill shortage. This means that both the CISO and the technologies they select must be flexible. Achieving SOC flexibility means that modern technologies must be flexible enough to fit into the current SOC architecture and positively affect overall SOC efficiency and security status.
Amit Ramesh Sharma is a Sales Engineer at Cyberbit APAC.