capabilities to navigate the full scope of security operations and incident response from the
initial alert through remediation. Regardless of maturity or size of the security team, effective
orchestration is built on a few key tenets:
• Context – understanding the relationships across alerts, intelligence, and security data, and
consolidating them into prioritized cases that carry the complete contextual threat storyline.
• Automation – integrating automated capabilities in a flexible manner, from basic
playbooks, to semi-automatic workflows, to complete automation of incident response
where appropriate. One size fits all doesn’t work with security automation.
• Analyst Enablement – giving analysts the proper tools and visibility to effectively
intervene throughout the investigation and response process and ultimately ensuring we
are curing the disease, not just the symptoms.
With effective security orchestration, teams are able to utilize a single pane of glass for a
coordinated response, both machine led and analyst driven. There is a delicate balance
between human intervention and automation that requires the right underlying architecture and
intelligence. Automation must be earned, not given.
Final Thoughts – Driving ROI
Security orchestration is transforming how analysts approach their job. The analyst isn’t going
away, and given the shortfall in staffing, they must be armed with a comprehensive
orchestration platform designed specifically for them. The average breach costs businesses
north of $10M, which makes the status quo no longer tenable. Given the stakes, security
leaders recognize the importance of driving analyst productivity, increasing the number of
mitigated threats, and perhaps most importantly, a dramatic shortening in mean time to
remediation, for all alerts (both automated and human led). Once again, enterprise security
leaders must avoid the distraction of point solutions that create yet another dangerous silo in the
security operation and arm the organization with the right balance of automation and human
intuition from a single pane of glass.
About The Author
Amos Stern is the CEO and Co-Founder of Siemplify. He brings a unique
technical and business background that includes leadership of the Cyber
Security department within the IDF Intelligence Corps. He served multiple roles
within Elbit Systems Cyber & Intelligence Division. Among other roles, Amos
was responsible for designing and building large scale intelligence investigation
platforms as well as defensive and offensive cyber security solutions for governments and law
enforcement organizations globally. Amos has extensive experience training SOC teams of all
sizes. Amos can be reached via email at [email protected] and on Twitter at @AmosGnux. For
more information about Siemplify, please visit our website: www.siemplify.co.
21 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide