Page 59 - Cyber Warnings
The alignment between the SOC and the business is essential in determining the organizations’
goals and metrics.
In fact, a clear mission that focuses on protecting critical assets and data, rather than just
assuring system uptime, was found to be a better predictor of maturity and capability than the size of
the organization or its total security investment.
All or Nothing Approach Does Not Drive Effectiveness
While business maturity is increasing, organizations are trying out new technologies,
organizational alignments, and analytical strategies with only varying degrees of success. The
proliferation of threat hunt programs is a continuing trend that is delivering extraordinary results
within some organizations, and at the same time introducing a great deal of cost, complexity,
and risk within others. Organizations that are adopting hunt teams as an enhancement to their
existing mature real-time monitoring capabilities are seeing success.
These hunt teams are able to pinpoint unknown threats and patterns and feed valuable
intelligence that can be used to enhance near real-time detection and incident response
programs. However, many organizations are forgoing these real-time detection capabilities and
going all-in with hunt-only programs, which is leading to a sharp decline in security operations
maturity and effectiveness.
Automation is another area that is showing promise and helping to relieve some pressure on
existing staff. Reducing the clicks or steps an analyst has to perform during an incident
investigation can have a major impact on the longevity and burnout rates of staff. Finding
opportunities for automation is key to keeping security experts engaged and focused on real
threats instead of getting caught up in event noise.
However, full automation is unrealistic, since most organizations struggle with a lack of
knowledge and accuracy around configuration management and still need human decision-making
for risk assessment and advanced investigation. The level of automation most
organizations envision, eliminating front-line analysts from the response process, is seldom
realized when organizations do not fully understand interdependencies and potential impact to
critical applications, users, or data.
Finding the Perfect Mix
Decisions about whether to use managed services, technology outsourcing, or hybrid operational staffing
are other areas affecting a number of organizations. Many security leaders have gone through
significant trial and error, risk, and expense to find the sweet spot in leveraging MSSPs, and
there has been much debate in the industry as to whether keeping resources in-house or
59 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide