The frequency and severity of cyber-attacks increase every year, and COVID-19 only accelerated the trend: according to Check Point, cyber-attacks increased 70% over the last year. In the face of this constant threat, the number one cybersecurity priority for today's CISOs is getting back to basics. Simply put, this means refocusing security effort on the things the business actually depends on, so that controls line up with corporate and enterprise objectives rather than with whatever tool was bought last.
CISOs need to protect mission-critical data and applications, and to extend the same high-value preventative standards to the service providers and vendors that touch them. To get this done, CISOs must carry the torch: doing the hard work of assessing, categorizing, and prioritizing which applications and data are the most valuable to the business, while fostering a culture of secure systems architecture and engineering so that risk-aware, security-focused operation becomes the standard way the business runs.
When it comes to implementation, there is no such thing as set-it-and-forget-it security. An organization's preventative measures are only as good as their implementation, their daily management, and the logs that accompany them. A defense-in-depth strategy that limits initial intrusion is just the beginning; the next job is limiting dwell time, lateral movement, and the possible exfiltration of sensitive data once an attacker is already inside.
Often, defense in depth is built up as a series of independent point products, each solving one problem. This leads to tool sprawl that increases costs and adds operational complexity. So, once you have built a robust cybersecurity strategy, we recommend finding the most consolidated enterprise security architecture available that still achieves your goals. Consolidated prevention tools are easier to implement, monitor, and control, which maximizes the effectiveness of Security Operations Center (SOC) operations and the actionable outcomes they produce.
Once you have established the right-sized, highest-value security architecture for your organization, you must also ensure the SOC is fully enabled with actionable monitoring intelligence, so that you get the most value out of your logs. It is not enough just to have logs; they need to be the right logs, and they need to provide actionable information. Technical gates, alerts, and logging are most valuable when they deliver this kind of intelligence. Too much uncorrelated, non-actionable data is noise, and noise slows you down in the struggle to identify and recover from breaches. This is as true for small businesses as it is for large enterprises.
Getting back to basics by attaching high-value security concerns to every business objective is the best way to ensure employees can do their work safely. Remember: security measures are only truly valuable once you fully appreciate the threats and risks posed to YOUR business. Focus on the most valuable corporate assets first, then strengthen and deepen the protection of ancillary systems, and use the patterns that emerge to set policy and compliance standards along the way.
Similarly, if SOC analysts are unable to automate routine tasks based on telemetry and intelligence, it is likely because the data they receive is not actionable. Take some time to evaluate your protections. Work to reduce tool sprawl and data overlap. Find tools that leverage Artificial Intelligence (AI) and Machine Learning (ML) for attack-pattern recognition across multiple levels of defense, and transform your SOC from a queue of raw events into a highly effective action center.
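The point of the two paragraphs above (logs must be correlated into actionable signals, and routine triage should be automatable from telemetry) is easiest to see with a small correlation rule run over raw events. The following is an added example, not code from the article or from Anexinet; the log format, the thresholds, and the sample lines are all constructed for illustration. It turns ten raw authentication events, most of which are noise on their own, into two alerts an analyst can act on: a password-guessing run that ended in a successful login, and the same session then reaching several hosts in quick succession (lateral movement).

```python
"""Correlate raw auth events into actionable alerts (illustrative example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Tunable rule parameters (assumed values, not from the article).
FAIL_THRESHOLD = 5                  # failures before a success is suspicious
FAIL_WINDOW = timedelta(seconds=60) # failures must fall within this window
HOST_THRESHOLD = 3                  # distinct hosts reached by one (user, src)
HOST_WINDOW = timedelta(minutes=10) # ...within this window

# Constructed sample log lines in a hypothetical key=value format.
# jdoe's session is the attack; asmith's single typo is benign noise.
SAMPLE_LOG = """\
2023-03-01T09:00:01Z host=fs01 user=jdoe src=10.0.5.23 result=FAIL
2023-03-01T09:00:03Z host=fs01 user=jdoe src=10.0.5.23 result=FAIL
2023-03-01T09:00:05Z host=fs01 user=jdoe src=10.0.5.23 result=FAIL
2023-03-01T09:00:07Z host=fs01 user=jdoe src=10.0.5.23 result=FAIL
2023-03-01T09:00:09Z host=fs01 user=jdoe src=10.0.5.23 result=FAIL
2023-03-01T09:00:12Z host=fs01 user=jdoe src=10.0.5.23 result=OK
2023-03-01T09:03:40Z host=db02 user=jdoe src=10.0.5.23 result=OK
2023-03-01T09:05:10Z host=hr01 user=jdoe src=10.0.5.23 result=OK
2023-03-01T09:10:00Z host=fs01 user=asmith src=10.0.7.8 result=FAIL
2023-03-01T09:10:30Z host=fs01 user=asmith src=10.0.7.8 result=OK
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a UTC datetime."""
    ts_text, *fields = line.split()
    event = {k: v for k, v in (f.split("=", 1) for f in fields)}
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return event


def parse_log(text):
    """Parse a whole log text, skipping blank lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def correlate(events):
    """Run two stateful rules over events (in time order) and return alerts.

    Rule 1 (brute_force_success): >= FAIL_THRESHOLD failures from the same
    (user, src) inside FAIL_WINDOW, immediately followed by a success.
    Rule 2 (lateral_movement): the same (user, src) succeeds on
    >= HOST_THRESHOLD distinct hosts inside HOST_WINDOW.
    Each rule resets its state after firing so one incident yields one alert.
    """
    alerts = []
    failures = defaultdict(deque)    # (user, src) -> recent failure timestamps
    successes = defaultdict(deque)   # (user, src) -> recent (ts, host) successes

    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] != "OK":
            failures[key].append(ev["ts"])
            continue

        # Rule 1: drop failures that aged out, then check the count.
        recent_fails = failures[key]
        while recent_fails and ev["ts"] - recent_fails[0] > FAIL_WINDOW:
            recent_fails.popleft()
        if len(recent_fails) >= FAIL_THRESHOLD:
            alerts.append({
                "rule": "brute_force_success", "ts": ev["ts"].isoformat(),
                "user": ev["user"], "src": ev["src"], "host": ev["host"],
                "failures": len(recent_fails),
            })
        recent_fails.clear()  # a success ends the guessing run either way

        # Rule 2: track distinct hosts reached by this (user, src).
        seen = successes[key]
        while seen and ev["ts"] - seen[0][0] > HOST_WINDOW:
            seen.popleft()
        seen.append((ev["ts"], ev["host"]))
        hosts = sorted({h for _, h in seen})
        if len(hosts) >= HOST_THRESHOLD:
            alerts.append({
                "rule": "lateral_movement", "ts": ev["ts"].isoformat(),
                "user": ev["user"], "src": ev["src"], "hosts": hosts,
            })
            seen.clear()
    return alerts


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    found = correlate(evts)
    print(f"{len(evts)} raw events -> {len(found)} actionable alerts")
    for a in found:
        print(a)
```

The noise-reduction point is in the numbers: ten raw lines become two alerts, and asmith's one failed attempt produces nothing. The reset after each rule fires is the part most ad-hoc scripts get wrong; without it, every further login by jdoe would re-raise the same lateral-movement alert and the queue fills up with duplicates.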
Anexinet offers Cybersecurity Services through its SaaS Managed Detection & Response (MDR) offering, covering Governance, Risk & Compliance, Threat Defense, Identity & Access Management, Infrastructure & Cloud, Data & Application, Endpoint, and Detection & Response. If you have questions about any of this and would like to have a conversation about security, don't hesitate to reach out.
This article was co-authored by Dave Mahoney, Enterprise Services Architect, and Chris Hayner, Enterprise Solutions Architect.