Page 129 - Cyber Defense eMagazine for July 2020
For many organizations, the Security Operations team, rather than their users, is the main line of defense. Even when the services are provided whole, or in part, by a third party, the SecOps team is the one that holds ultimate responsibility for the organization’s security well-being. That means ensuring they have the correct tools and the right training is as important as making sure the users are trained and equipped. The question becomes whether they have the right tools and training to identify and mitigate attack profiles that have now shifted to target the remote workforce.
The threats they have historically focused on have not disappeared, but they may no longer be the primary attack surface. Likewise, the tools they use to identify and mitigate attacks may no longer be the best ones now that the attacker’s focus has shifted.
Threat actors have become increasingly skilled at compromising systems and then keeping their activity “below the radar” so that it is harder to detect. This is even more true now that they have a remote workforce both to target for attack and to use for concealment. That means the SecOps team will need to look at the situation holistically rather than relying on single indicators of compromise.
To that end, an advanced security analytics platform that can consolidate all the organization’s security data into a single place and then perform AI-based analytics on the entirety of that data may be in order. By looking at all the information together, it is possible to identify anomalous behavior that differs subtly from what is expected, or accepted, for a normal user. That can be the first indication of a compromise. Using machine learning techniques, the system can adapt to the changing threat surface and present a risk-based assessment to the SecOps team.
Combined with their existing tools and efficient automation, security operations personnel can get ahead
of an attack to keep a single compromised account or remote access system from escalating to a serious
data breach.
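As an added illustration of the holistic approach described above (example code written for this page, not from the article or from any vendor product), the following Python sketch builds a per-user remote-access baseline from constructed VPN login records and then scores new logins by combining several weak signals. The signal weights and the alert threshold are assumptions chosen so that no single signal alerts on its own, only their combination does.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of historical VPN logins: (user, timestamp, country, device id).
BASELINE = [
    ("alice", "2020-06-01T09:05", "US", "lap-01"),
    ("alice", "2020-06-02T08:55", "US", "lap-01"),
    ("alice", "2020-06-03T09:20", "US", "lap-01"),
    ("alice", "2020-06-04T18:40", "US", "lap-01"),
    ("alice", "2020-06-05T09:10", "US", "lap-01"),
]

# Assumed weights: each weak signal stays below the threshold by itself.
W_HOUR, W_COUNTRY, W_DEVICE, W_UNKNOWN_USER = 20, 30, 30, 50
ALERT_THRESHOLD = 50


def build_profile(events):
    """Summarise each user's normal login hours, countries and devices."""
    profile = defaultdict(lambda: {"hours": set(), "countries": set(), "devices": set()})
    for user, ts, country, device in events:
        p = profile[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["countries"].add(country)
        p["devices"].add(device)
    return profile


def score_event(profile, event):
    """Return (risk, reasons) for one login by adding up every signal that deviates from the baseline."""
    user, ts, country, device = event
    p = profile.get(user)
    if p is None:  # an account with no history at all is itself a strong signal
        return W_UNKNOWN_USER, ["no baseline for this account"]
    hour = datetime.fromisoformat(ts).hour
    risk, reasons = 0, []
    if not any(abs(hour - h) <= 1 for h in p["hours"]):  # allow +/- 1 hour around usual times
        risk += W_HOUR; reasons.append(f"unusual hour {hour:02d}")
    if country not in p["countries"]:
        risk += W_COUNTRY; reasons.append(f"new country {country}")
    if device not in p["devices"]:
        risk += W_DEVICE; reasons.append(f"new device {device}")
    return risk, reasons


def triage(profile, events):
    """Return only the logins whose combined risk reaches the alert threshold."""
    return [(e[0], r, why) for e in events for r, why in [score_event(profile, e)] if r >= ALERT_THRESHOLD]
```

A login from a new country alone (a travelling employee) scores 30 and is merely noted, whereas a login at 03:10 from a new country on an unseen device sums to 80 and is surfaced to the analyst with all three reasons attached.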
About the Author
Saryu Nayyar is the CEO of Gurucul. She is an internationally recognized cybersecurity expert, author and speaker with more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She was named to EY Entrepreneurial Winning Women in 2017. She has held leadership roles in security products and services strategy at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun) and Disney, and held senior positions in the technology security and risk management practice of Ernst & Young. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection and dynamic risk scoring inventions.
Saryu can be reached on Twitter at @Gurucul
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.