Where are you on the journey?
With the increasing pace of innovation and the adoption of Hybrid IT and Public Cloud, understanding your risk profile is even more important than before. How you mitigate risk is key, and intrinsic to enabling your business to benefit from today’s digital world.
The sophistication and complexity of today’s attacks call for a shift in how we deliver cyber security services.
With the growing number of breaches, the security industry is heading for significant change. Security teams require larger investment, greater cross-technology focus and, to some extent, the ability to reinvent some of their traditional skill-sets.
Under the cover of booming ecommerce and mobility lies a world of threats and breaches, both existing undetected for days, months and sometimes years. What is your mean time to detection?
Prevention alone no longer provides the control to keep threat actors out. The increasing cost of data loss needs to be proactively offset by investment that supports the change in security mind-set. What is the right investment? And should it wait until you have evidence of a breach? Only from a properly informed position on risk can this be quantified.
The edge is no longer the only line of defence for protecting against and detecting damaging attacks; in fact, the threats we need to resist are ones we haven’t seen before and that aren’t discovered by signature-based defences.
In today’s world your monitoring programme needs more than just telemetry from standard products such as Antivirus, WAF, Firewalls, and IDP. In fact, market stats suggest only 1% of advanced threats are detected using standard SIEM platforms.
What’s more concerning is that 31% of enterprise leaders believe they have too much tooling, which culminates in data confusion due to the lack of skills to integrate the tools. This combination tends to support the anecdotal statement that SIEM is dead.
Moreover, when we discuss integration, this also makes a significant case for putting the craft back into IT, leveraging automation and orchestration in everything we do.
The security game is at a tipping point. The journey to digital means even advanced security protection alone is not enough, and deep and pervasive visibility of an environment is key.
- Ask yourself the question: do you know what systems are connecting from where, to what, and why?
- Without full packet capture, are you really in an informed position?
Visibility should be underpinned by a clear hypothesis and an understanding of the campaigns attackers engineer. Identity is key: don’t underestimate the benefit of robust user identity, and that means in the core as well as at the edge.
Security Operations and Security Analytics centres need time and investment to allow them to go further and optimise existing investments in SIEM and to develop new use cases that provide true Security Intelligence.
This type of transformation doesn’t happen overnight. Careful selection of your vendors and partners will be key. Get your business exec on board, prioritise your most valuable assets, understand the risk and then formalise a strategy that adopts the above sentiment.