
Tuesday, February 3, 2015

How to overcome the daily challenges of a security team

The constantly evolving cyber threat landscape is creating new challenges, and demanding new approaches, for today's security analyst teams.

In the past, companies focused on hiring talented and experienced CISOs to lead the establishment of security and incident-response teams. Now, the threats posed by advanced cybercriminals and the potential damage from a sophisticated rogue insider are changing that trend: companies are moving beyond traditional security methods and adopting new strategies such as profiling user behavior and applying big data analytics. As a result, more companies recognize the importance of hiring diverse teams of talented individuals to develop and then operate these new methods and technologies.

With that in mind, the institutionalization of in-house security and incident response as a distinct profession has created three major challenges for large enterprises:

1. Regulations – The growing frequency of attacks has created a beast of its own. Companies nationwide are constantly learning from each other's mistakes and are building an ever-extending list of internal regulations aimed at preventing yesterday's attacks. While no company wants to be the next Target, or to discover the next Edward Snowden on its payroll, strict security regulations demand growing attention from exactly the people who are supposed to remain on the highest alert.

2. Routine – Sets of regulations are usually accompanied by a strict response protocol, and together they create every analyst's nightmare. Endless sheets of potential cases and responses are carefully drafted to make sure no analyst misses a crucial step when handling an incoming alert. While no two incidents are the same, one of the toughest challenges analysts face is to keep treating every alert as if it were their first. Eventually, and usually in the later hours of the day, routine takes over.

3. Abundance – Data sources and analytical tools are flooding security teams these days. The ability to correlate events from every part of the company's network has become a top priority. Yet instead of looking where attackers and rogue insiders actually do their harm, we often flood ourselves with information, which carries the real risk of drawing our attention away from where threats are most often found.

So how does a security team go about prioritizing the different possible risk factors? While there are no simple answers, a small shift in approach is in many cases the first step in the right direction. We offer these suggestions to struggling and successful security teams alike:

1. Gain visibility – Security services are now sold in bulk, as separate products, and sometimes even two for the price of one. One thing you can be sure of is that new technologies and services come in great packaging, with bright colors, big buttons and cleaner interfaces. Security teams should instead look for tools that provide immediate value and surface the events that usually go undetected. In an era of stealthier attackers and rogue insiders, better visibility is the first key to mitigating today's threats.

2. Beware of false positives – With security practices becoming stricter and more bound to protocol, new technologies and services hold the greatest promise for freeing security analysts from the routine of day-to-day work. But be wary of services that promise to reduce handling time while hiding a high false-positive rate: every false alarm costs analyst time and erodes attention for the alerts that matter. Look not only for the most efficient platform, but for the one that delivers better end results.
