Dark Reading

Security Management // SOC

2/5/2019 07:00 AM
Cody Cornell

A Collaborative Approach to Cybersecurity: Beyond ISACs

When it comes to fighting cyber threats, automation and collaboration could help SOCs do more with less.

From Facebook and Marriott's Starwood hotels to Google+ and T-Mobile, 2018 saw data breaches compromise the sensitive personal identifying information (PII) of millions of people around the world. Seemingly every week last year a new company had to notify its customers and the public that their systems had been breached, that customer data may have been compromised, and that PII could be impacted.

Industry leaders agree that security threats and cyber attacks are only growing in scope and intensity. The continued adoption and popularity of Internet of Things (IoT) devices and cloud computing presents new challenges and security risks for already understaffed and overworked security operations centers (SOCs). And while bad actors are maturing, the security skills gap is growing wider and more severe.

So, how can we learn from the breaches of 2018 and bolster the security industry through 2019 and beyond? Through a new approach to security. As ESG and countless others have reported, the security industry isn't getting talent fast enough, which means SOCs need to do more with less. Automation and collaboration could help them do that -- and perhaps even level the playing field.

Cybersecurity skills shortage
Current projections state there will be 3.5 million unfilled security jobs around the globe by 2021. Cybersecurity Ventures and others report that the current and growing shortage of skilled security professionals does "direct and measurable damage" to the industry as a whole. And while SOCs are struggling to get the staff they need, they are also spending valuable time and effort duplicating similar -- if not identical -- investigations, workflows and incident response processes for cyber threats that are only increasing in severity and frequency.

A lack of trained personnel exacerbates the already difficult task of managing cybersecurity risks, and the shortage of security skills leaves organizations increasingly vulnerable to bad actors. For many companies, overburdened and understaffed security teams perform time-consuming tasks such as integration and analysis manually, causing them to focus on security silos (more on that in a minute) rather than the big-picture threat environment. Because many organizations lack the necessary resources and security staff to handle the constantly growing number of alerts, many threats are left uninvestigated.

Between the labor shortage and the ever-evolving threat landscape, organizations can only investigate 56% of the security alerts they receive on a given day, according to Cisco's 2017 Security Capabilities Benchmark Study. Just half of the investigated alerts (28% of all alerts) are deemed legitimate, and less than half (46%) of legitimate alerts are actually remediated. In addition, 44% of security operations managers see more than 5,000 security alerts per day, making effective cybersecurity unmanageable.

In short, cybersecurity professionals are outnumbered, and the projected shortage of qualified professionals only compounds the issue. Working together to reduce the number of labor-intensive security practices and the number of tools necessary to triage, investigate and resolve security alerts is vital. We're in this fight together and will sink or swim based on our ability to collaborate to secure our digital future.

Collaboration as a necessity
Bad actors are constantly working together, sharing tools and techniques for penetrating security systems, and the only chance we have of keeping up is to work together as well. Just as countries align against common enemies, we must adopt a similar posture or will likely fall further behind.

Today, too many IT and security teams integrate myriad tools and disparate security solutions to protect their infrastructure and most critical data. From access control and endpoint protection to monitoring and incident response, many organizations have deployed security solutions in different areas of the networked ecosystem that require individual management, rather than integrated solutions. Consequently, getting every security component to efficiently work together and protect against cyber attacks poses significant challenges and opens the door for bad actors to cause harm.

Today's sophisticated attack strategies often take advantage of vulnerabilities posed by organizations with institutionalized controls and inflexible responsibilities that isolate personnel and restrict resources to teams with specific silos of responsibility. As a result of siloed security solutions, security teams are forced to jump from platform to platform, gathering all of the information required to ameliorate any threats. Threat intelligence is isolated, and detecting the increasingly sophisticated threats requires a manual process that most organizations simply do not have the time or resources to support. This fractured infrastructure allows hackers to hide in the gaps between control systems.

Collaborative SOCs are communities that share information and use cases on how to identify and defend against cyber attacks, helping protect valuable customer information. This collaborative focus takes SOCs beyond the Information Sharing and Analysis Centers (ISACs) and indicators of compromise to collectively embracing common standards and protocols in order to achieve more comprehensive and resilient cybersecurity.

To gain leadership in cybersecurity and transform it from a concern to an opportunity, everyone in the industry, not just collaborative SOCs and ISACs, must work together to share intelligence, best practices and lessons learned amongst a network of trusted peers. Beyond sharing information, security communities should also consider collaborating on research to better identify and counter specific threats. When we work together, we're stronger in our defense against cyber threats, so the private and public sector's best and brightest are needed to collaborate and address the increasing cybersecurity threats.

Automation to unlock collaboration
SOCs still doing security the manual way need to catch up to automated bad actors, and the best way to fight automation is with automation. Given the imminent shortage of qualified cybersecurity professionals, automation is more vital now than ever.

Automation technologies -- such as security orchestration, automation and response (SOAR) solutions -- are making such an impact because of the increased operational effectiveness they drive within an organization's SOC. When seamlessly integrated with an organization's people, processes and technologies, automation can help prevent successful cyber attacks and encourage collaboration across security silos.

Beyond furnishing security teams with the resources they need, SOAR technologies create a more streamlined method for detecting and responding to cyber threats, which only bolsters collaboration. When we work together to secure our collective digital future, we leverage our shared resources and our combined skills and expertise to increase the effectiveness of our collective SOCs. Ultimately, collaboration can help your organization conserve resources, which is both good for the bottom line and your overall security posture.

Through the automation of containment and analysis, for example, security teams can quickly make a decision based on automated investigations. No more manual mistakes. No more missed threats. No longer is your security team responding to alerts too slowly to take effective action. Not only do SOAR technologies significantly speed time to resolution, they free up security operations teams to focus on more complicated and critical issues that require thoughtful solutions.
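The triage loop the previous paragraphs describe (enrich an alert against shared intelligence, drop duplicated investigations, then decide between automated containment and analyst escalation) is sketched below as an added example. It is not code from the article, from Swimlane, or from any SOAR product; the intel feed, asset list, alert fields and scoring thresholds are all constructed placeholders, and the "contain" action only records a decision rather than calling a real EDR or firewall API.

```python
"""Minimal SOAR-style triage playbook (constructed, illustrative example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed threat-intel feed, standing in for indicators shared by an ISAC or peer SOC.
KNOWN_BAD_IPS = {"203.0.113.45", "198.51.100.7"}
KNOWN_BAD_HASHES = {
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

# Constructed asset inventory: hosts holding sensitive data keep a human in the loop.
CRITICAL_ASSETS = {"db-prod-01", "hr-fileserver"}


@dataclass
class Alert:
    alert_id: str
    host: str
    src_ip: str
    file_hash: str = ""
    severity: str = "medium"


@dataclass
class Decision:
    action: str  # one of: contain, escalate, close, duplicate
    reason: str
    score: int


def enrich(alert: Alert) -> Tuple[int, List[str]]:
    """Score an alert against the intel feed; returns (score, matched indicators)."""
    score, hits = 0, []
    if alert.src_ip in KNOWN_BAD_IPS:
        score += 50
        hits.append(f"ip:{alert.src_ip}")
    if alert.file_hash and alert.file_hash in KNOWN_BAD_HASHES:
        score += 50
        hits.append(f"sha256:{alert.file_hash}")
    if alert.severity == "high":
        score += 20
    return score, hits


def fingerprint(alert: Alert) -> Tuple[str, str, str]:
    """Alerts with the same host, source and file are one investigation, not several."""
    return (alert.host, alert.src_ip, alert.file_hash)


def triage(alerts: List[Alert], threshold: int = 50) -> Dict[str, Decision]:
    """Run the playbook over a batch of alerts and return a decision per alert id."""
    seen: Dict[Tuple[str, str, str], str] = {}
    decisions: Dict[str, Decision] = {}
    for a in alerts:
        fp = fingerprint(a)
        if fp in seen:  # avoid the duplicated investigations the article warns about
            decisions[a.alert_id] = Decision("duplicate", f"same investigation as {seen[fp]}", 0)
            continue
        seen[fp] = a.alert_id
        score, hits = enrich(a)
        if score < threshold:
            decisions[a.alert_id] = Decision("close", "no intel match; below threshold", score)
        elif a.host in CRITICAL_ASSETS:
            # Automated containment of a production database is too disruptive to do blind.
            decisions[a.alert_id] = Decision(
                "escalate", "intel match on critical asset: " + ", ".join(hits), score)
        else:
            decisions[a.alert_id] = Decision("contain", "intel match: " + ", ".join(hits), score)
    return decisions


# Constructed sample batch: A-2 repeats A-1, A-3 hits a critical asset, A-4 is benign.
SAMPLE_ALERTS = [
    Alert("A-1", "ws-042", "203.0.113.45"),
    Alert("A-2", "ws-042", "203.0.113.45"),
    Alert("A-3", "db-prod-01", "198.51.100.7", severity="high"),
    Alert("A-4", "ws-077", "192.0.2.10"),
]

if __name__ == "__main__":
    for alert_id, d in triage(SAMPLE_ALERTS).items():
        print(f"{alert_id}: {d.action:<9} score={d.score:<3} {d.reason}")
```

The threshold and the critical-asset carve-out are where an analyst's judgement is encoded once and then reused on every alert; tuning those two knobs, and feeding the intel sets from a shared source, is the practical shape of the collaboration the article argues for.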

In the end, data breaches are not going away, and as the threat of cyber attacks continues to grow in the new year, organizations need to reconsider how they approach security in 2019. Stop worrying about embarrassment to your company and start collaborating with others. The scarce amount of human resources in the cybersecurity industry signals the need for both collaboration and security orchestration, automation and response technologies to break down security silos and secure the world's digital future.

SOAR improves the value of security teams and better protects organizations' most sensitive data by empowering security operations teams with easy and optimized decision-making capabilities. Teams are liberated to do more thoughtful work, which enables better, faster and more effective security operations. As IT infrastructures continue growing, securing them will continue being a significant challenge for any business in any industry, but collaboration is the best solution for preventing successful cyber attacks.

Cody Cornell is CEO and founder of Swimlane.
