The right people make a SOC really effective
Security Operation Centers: the Front Line for Defeating Cyberattacks in a Cloud-Dominated Universe
At the 2018 World Economic Forum, out of 30 possible global risks tracked by the organization, the potential damage from cyber attacks was named the third most likely to happen, right after extreme weather events and natural disasters. But let’s be honest: this disturbing trend comes as no surprise.
Remember last year’s breach that exposed the data of some 57 million Uber users and went undisclosed for more than a year? Or the WannaCry ransomware attack wreaking havoc in our hyperconnected world? Or, most recently, Facebook’s privacy trainwreck? By the way, just as a PSA from your friendly neighbourhood CISO, you should probably check your credit report if you haven’t lately.
These are just a few incidents that have made the headlines in the past few months (read: these are just the ones that have been publicly disclosed). Many of these cybercriminals are very intelligent and, perhaps more importantly, creative. That said, many of them are still using the same tools and tricks they have been using for a decade. It's just that the digital world is a lot bigger and there are more people with access to sensitive data, which increases the potential for mistakes. And frankly, the risk vs. reward is just too tempting for cybercriminals, especially those operating from somewhere in the Balkans.
The word is out. Security teams and CSOs/CISOs know they can't get sloppy, and there is no lack of technology available to help them meet minimum security requirements. If it were strictly the by-night Mr. Robot and Elliot Aldersons of the world against today's technology and experienced security teams, I'd put my money on the good guys. Unfortunately, many companies are still dealing with vulnerable legacy applications and outdated access control methods, and that tilts the table in favour of the bad guys.
In Trend Micro’s latest predictions report, Paradigm Shifts, they list the convergence of information technology (IT) and operational technology (OT) as a trend that puts enterprise applications at risk. This is the crux of the IoT threat. As the digitally connected world gets bigger and cloud environments reach a higher degree of maturity, companies are increasingly exposed to malicious attacks. As a consequence, organizations – especially software providers – have to adapt their security measures to this new reality.
Changing the Methods
The new threats force every one of us to review our processes constantly and adapt our security strategy to fit the requirements of cloud-focused enterprises. Because, as Gartner puts it:
“A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so. This means adapting your security setup to focus on detection, response, and remediation. That’s where the cybersecurity fight is today. In the future, it will most likely move to prediction of what’s coming before anything happens.” – Kasey Panetta, Gartner.
And if you want to be more proactive with cybersecurity, and more predictive and preventative in the face of growing risks and threats, I think a Security Operations Centre (SOC) is indispensable!
A SOC does not come alone
A SOC is more than a cool-looking space. It is an integral part of your strategy to prevent attacks before they happen, especially if it also houses a Computer Security Incident Response Team (CSIRT), which is itself a crucial component for ensuring the security and success of your business.
In the SOC, the CSIRT uses the latest security software to provide 24x7 monitoring of your applications, along with ongoing analysis of information and event correlations identified by specialists. Advanced threat detection provides immediate intelligence to the security team so that they are alerted to a potential threat. This way, you’re able to foresee problems that could impact your customers, analyse attack trends, stay up-to-date on regionalized threats through connections in the global threat intelligence community, and keep an eye on abnormal uses of the platform.
The SOC is an evolutionary step in security. People alone cannot correlate millions of data points and spot trends and track usage on such a large scale. And software lacks the intuitiveness that comes from years of security research. So a good SOC brings the best of both software and people together for tighter security and better protection.
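To make "event correlation" and "abnormal uses of the platform" concrete, here is an added example (not OutSystems or Sentry code, and not from the original post) of the kind of rule a SOC's tooling runs over authentication and activity logs. The log lines, IP addresses, user names, thresholds and time windows are all constructed for illustration; in a real SOC the volume baseline would be learned from historical usage rather than hard-coded.

```python
"""Two toy SOC correlation rules over a constructed application log.

Rule 1: many failed logins from one source IP followed by a successful
        login from the same IP inside a short window (credential guessing
        that eventually worked - something a human would miss at scale).
Rule 2: a user performing an action far more often than a baseline rate
        inside a sliding window (abnormal use of the platform).
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events (not real data). Format: timestamp src_ip user action
SAMPLE_LOG = """\
2018-05-01T10:00:01Z 203.0.113.7 alice LOGIN_FAIL
2018-05-01T10:00:03Z 203.0.113.7 alice LOGIN_FAIL
2018-05-01T10:00:05Z 203.0.113.7 alice LOGIN_FAIL
2018-05-01T10:00:07Z 203.0.113.7 alice LOGIN_FAIL
2018-05-01T10:00:09Z 203.0.113.7 alice LOGIN_FAIL
2018-05-01T10:00:20Z 203.0.113.7 alice LOGIN_OK
2018-05-01T10:05:00Z 198.51.100.9 bob LOGIN_OK
2018-05-01T10:05:30Z 198.51.100.9 bob DOWNLOAD
2018-05-01T10:06:00Z 198.51.100.9 bob DOWNLOAD
2018-05-01T10:06:10Z 198.51.100.9 bob DOWNLOAD
2018-05-01T10:06:20Z 198.51.100.9 bob DOWNLOAD
2018-05-01T10:06:30Z 198.51.100.9 bob DOWNLOAD
2018-05-01T11:00:00Z 192.0.2.44 carol LOGIN_FAIL
2018-05-01T11:00:05Z 192.0.2.44 carol LOGIN_OK
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    user: str
    action: str


def parse_log(text: str) -> list:
    """Parse the constructed log format into Event records, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, action = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, action))
    return sorted(events, key=lambda e: e.ts)


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=2)):
    """Rule 1. Returns (src_ip, user, success_time) for every LOGIN_OK that was
    preceded by at least `threshold` LOGIN_FAILs from the same IP within `window`.
    Threshold and window are assumed values, not tuned numbers."""
    alerts = []
    recent_fails = defaultdict(deque)  # src_ip -> timestamps of failures in window
    for ev in events:
        q = recent_fails[ev.src]
        while q and ev.ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if ev.action == "LOGIN_FAIL":
            q.append(ev.ts)
        elif ev.action == "LOGIN_OK" and len(q) >= threshold:
            alerts.append((ev.src, ev.user, ev.ts))
            q.clear()  # one alert per burst, not one per subsequent login
    return alerts


def abnormal_volume(events, action="DOWNLOAD", baseline=3, window=timedelta(minutes=5)):
    """Rule 2. Returns (user, count, time) the first time a user exceeds `baseline`
    occurrences of `action` inside a sliding `window`. The baseline is a constructed
    constant here; a real SOC derives it from historical usage per user or role."""
    alerts = []
    recent = defaultdict(deque)  # user -> timestamps of `action` in window
    flagged = set()
    for ev in events:
        if ev.action != action:
            continue
        q = recent[ev.user]
        q.append(ev.ts)
        while ev.ts - q[0] > window:
            q.popleft()
        if len(q) > baseline and ev.user not in flagged:
            flagged.add(ev.user)
            alerts.append((ev.user, len(q), ev.ts))
    return alerts


def correlate(text: str) -> dict:
    """Run both rules over a raw log and return alerts keyed by rule name."""
    events = parse_log(text)
    return {
        "brute_force_then_success": brute_force_then_success(events),
        "abnormal_volume": abnormal_volume(events),
    }


if __name__ == "__main__":
    for rule, hits in correlate(SAMPLE_LOG).items():
        for hit in hits:
            print(rule, hit)
```

Run as-is, the script flags alice's login from 203.0.113.7 (five failures in under ten seconds, then success) and bob's fourth download inside five minutes; carol's single failed attempt followed by a success is treated as an ordinary typo. The point is not these particular thresholds but the shape of the work: individual log lines are unremarkable on their own, and only the correlation across time and across sources turns them into something an analyst should look at.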
See this page for more information about Sentry, a new security service from OutSystems that makes use of a SOC in combination with a CSIRT.