Page 24 - CDM-Cyber-Warnings-March-2014
The successful playbook is developed and honed through network analysis. By tapping into workflows and data directly from security information and event management (SIEM) tools and other enterprise-wide devices, security specialists can determine which tasks are being performed manually and routinely. That data forms the basis of the playbook, which grows to incorporate all simple and repeatable courses of action that can be synchronized at speed and scale; such “plays” must be tested and pre-approved for repeated use. For instance, the cyber playbook for malware remediation might contain email templates, a list of recommended resources for collecting Web-address reputation scores, steps for collecting data packets, and instructions on how to add firewall rules, among other tasks.

The key benefits of adopting a cybersecurity playbook include:

- Quality assurance: perfected plays can be run by all staff levels consistently
- Cost effectiveness: fewer personnel hours spent performing repetitive tasks means more hours spent actively defending networks
- Increased efficiencies: determined courses of action reduce the time necessary to resolve vulnerabilities or thwart attacks
- Accurate measurement: repeated actions can be audited, measured, perfected, and repeated

Don’t Recreate: Automate

By capturing critical institutional knowledge, security analysts can determine which workflows should become part of the cyber playbook and which are likely candidates for automation. As a result, pre-defined measures can be executed at sub-second speed without manual intervention wherever and whenever such automation makes sense. By adopting a cyber playbook that capitalizes on automated and semi-automated courses of action synchronized across a complex enterprise, security professionals can effectively counter cyber attacks with coordinated and comprehensive defensive strategies—strategies that can be evaluated and repeated on the fly to continually improve response actions.
As an added benefit, automating basic processes to simple drag-and-drop actions makes the attraction and retention of security staff more strategic and cost effective. Key hires can then be cultivated for more complicated security scenarios by allowing automation tools to normalize everyday processes. Organizations benefit from the ability to tap the right mix of skills for the right tasks at hand.

A sound cybersecurity playbook will become an analyst’s best friend. It combines the best personnel, processes, tools, and workflows an organization possesses into a dynamic and flexible real-time security response engine. A winning coach would never show up to the big game without a proven playbook in hand; it’s time security professionals adopted the same practice.

Paul Nguyen is President of Global Cyber Solutions at CSG International. In this role, he brings extensive experience as a seasoned cyber security expert for the federal government and the commercial sector – including several Fortune 100 companies – to spearhead CSG’s entrance into the cyber marketplace. Mr. Nguyen has a proven track record of encouraging CIOs to explore continuously-managed protection layers that orchestrate dynamic defense strategies and address both threat response and business needs.