Page 129 - Cyber Defense eMagazine for July 2020

            For many organizations, the Security Operations team, rather than the user population, is the main line of
            defense.  Even when some or all of those services are provided by a third party, the SecOps team still
            holds ultimate responsibility for the organization's security well-being.  That means making sure they
            have the right tools and the right training is as important as making sure the users are trained and
            equipped.  The question is whether those tools and that training are still adequate to identify and
            mitigate attack profiles that have now shifted to target the remote workforce.

            The threats SecOps has historically focused on have not disappeared, but the systems they target may no
            longer be the primary attack surface.  Likewise, the tools used to identify and mitigate attacks against an
            office-bound workforce may not be the best ones now that the attacker's focus has shifted to remote users
            and the remote access systems that serve them.

            Threat actors have become increasingly skilled at compromising systems and then keeping their activity
            "below the radar", so that no single event looks malicious enough to trigger a response.  A remote
            workforce makes that easier: it offers both more targets to attack and more cover, because off-network
            logins, unfamiliar devices and odd working hours are now routine.  That means the SecOps team will need to
            look at the situation holistically, correlating weak signals across sources, rather than relying on a
            single indicator of compromise.

            To that end, an advanced security analytics platform that consolidates all of the organization's security
            data in a single place and then runs AI-based analytics across the entire data set may be in order.  By
            looking at all of the information together, it is possible to identify behavior that differs subtly from
            what is expected, or accepted, for a normal user; a deviation like that can be the first indication of a
            compromise.  Using machine learning techniques, the system can adapt its baselines as the threat surface
            changes and present a risk-based assessment to the SecOps team, so analysts act on aggregated risk rather
            than on individual alerts.
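The following is an added example of the idea in the two paragraphs above: several weak signals from different log sources (VPN, authentication, file share) are scored against a per-user baseline and combined into one risk score, so that an off-hours login on its own stays below the alert threshold while off-hours plus a new country plus an outbound volume spike does not. It is illustration code written for this page, not code from the article or from any vendor's product; the event fields, the three signals, their weights and the alert threshold are all assumptions, and the log events are constructed inline.

```python
"""Risk-based scoring over consolidated security events (added example).

Not code from the article or from any product. Field names, signal weights
and the alert threshold are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: str         # ISO 8601 timestamp as emitted by the source
    user: str
    source: str     # which tool produced it: vpn, auth, fileshare
    country: str    # geo-IP of the client, as resolved by the source
    bytes_out: int  # bytes transferred out (0 for login events)

    @property
    def when(self) -> datetime:
        return datetime.fromisoformat(self.ts)


# Assumed weights and alert threshold: tuning choices, not from the article.
WEIGHTS = {"off_hours": 20, "new_country": 30, "volume_spike": 40}
ALERT_THRESHOLD = 60


def build_baseline(events):
    """Per-user profile built from historical events across all sources."""
    hours = defaultdict(list)
    countries = defaultdict(set)
    daily_bytes = defaultdict(lambda: defaultdict(int))
    for e in events:
        hours[e.user].append(e.when.hour)
        countries[e.user].add(e.country)
        daily_bytes[e.user][e.when.date()] += e.bytes_out
    return {
        u: {
            "hour_range": (min(hours[u]), max(hours[u])),
            "countries": countries[u],
            "daily_bytes": list(daily_bytes[u].values()),
        }
        for u in hours
    }


def score_day(user, day_events, baseline):
    """Combine weak signals from several sources into one risk score.

    Returns (score, reasons, alert). Each signal alone is below the
    threshold; only a combination of them raises an alert.
    """
    prof = baseline[user]
    reasons = []
    lo, hi = prof["hour_range"]
    # Activity more than an hour outside the user's usual working window.
    if any(not (lo - 1 <= e.when.hour <= hi + 1) for e in day_events):
        reasons.append("off_hours")
    # Client geolocation never seen for this user before.
    if any(e.country not in prof["countries"] for e in day_events):
        reasons.append("new_country")
    # Outbound volume more than three standard deviations above the norm.
    total = sum(e.bytes_out for e in day_events)
    mu, sigma = mean(prof["daily_bytes"]), pstdev(prof["daily_bytes"])
    z = (total - mu) / sigma if sigma else (float("inf") if total > mu else 0.0)
    if z > 3:
        reasons.append("volume_spike")
    score = sum(WEIGHTS[r] for r in reasons)
    return score, reasons, score >= ALERT_THRESHOLD


# Constructed history: ten working days for "alice", 09:00-14:30, from the US,
# roughly 50 MB a day out of the file share.
BASELINE_EVENTS = []
for day, mb in enumerate([48, 52, 50, 47, 53, 49, 51, 50, 46, 54], start=1):
    BASELINE_EVENTS += [
        Event(f"2020-06-{day:02d}T09:15:00", "alice", "vpn", "US", 0),
        Event(f"2020-06-{day:02d}T09:16:00", "alice", "auth", "US", 0),
        Event(f"2020-06-{day:02d}T14:30:00", "alice", "fileshare", "US", mb * 1_000_000),
    ]
BASELINE = build_baseline(BASELINE_EVENTS)

# Constructed test days: a late-evening session from home (benign on its own),
# and a late-evening session from a new country that pulls 900 MB.
DAY_A = [Event("2020-06-11T22:05:00", "alice", "vpn", "US", 0),
         Event("2020-06-11T22:40:00", "alice", "fileshare", "US", 50_000_000)]
DAY_B = [Event("2020-06-12T22:05:00", "alice", "vpn", "RO", 0),
         Event("2020-06-12T22:06:00", "alice", "auth", "RO", 0),
         Event("2020-06-12T22:40:00", "alice", "fileshare", "RO", 900_000_000)]

if __name__ == "__main__":
    for label, day in (("day A", DAY_A), ("day B", DAY_B)):
        print(label, score_day("alice", day, BASELINE))
```

Day A scores 20 (off-hours only) and stays quiet; day B scores 90 and alerts. The point of the structure is that the same VPN "off-hours" event is present in both days, so a rule keyed on that single indicator would either miss day B or drown the team in day A style noise; scoring the combination across the VPN, auth and file share feeds is what separates them.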

            Combined with their existing tools and efficient automation, security operations personnel can get ahead
            of an attack to keep a single compromised account or remote access system from escalating to a serious
            data breach.






            About the Author
            Saryu Nayyar is the CEO of Gurucul. She is an internationally
            recognized cybersecurity expert, author and speaker with more
            than 15 years of experience in the information security, identity
            and access management, IT risk and compliance, and security
            risk management sectors. She was named EY Entrepreneurial
            Winning  Women  in  2017.  She  has  held  leadership  roles  in
            security products and services strategy at Oracle, Simeio, Sun
            Microsystems,  Vaau  (acquired  by  Sun)  and  Disney,  and  held
            senior  positions  in  the  technology  security  and  risk  management  practice  of  Ernst  &  Young.  She  is
            passionate about building disruptive technologies and has several patents pending for behavior analytics,
            anomaly detection and dynamic risk scoring inventions.

            Saryu can be reached on Twitter at @Gurucul






            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.