3 Ways to Optimize Your Security Operations and Prepare for the Next Big Threat

BrandPost By NTT
Jul 07, 2021

Time to fight fire with fire: simplify everything using technology and tools such as machine learning, AI, and manual playbooks.

istock 155394387
Credit: bauhaus1000

By Scott Dally

It seems lately like organizations can’t catch a break. The bad guy is always one step ahead if he hasn’t completely left the targeted company in the dust. And there is no sign of the threat landscape calming down anytime soon. According to NTT’s Global Threat Intelligence Report, cyberattacks increased by 300% this past year. On top of that, security operations teams are overwhelmed with too many alerts to analyze – there’s just too much data to get through. Meanwhile the bad guy is getting smarter. And faster.

But there are steps that can be taken to get ahead, or at least, catch up.

Automate, automate, automate

The bad guys are already innovating. Advances in computing power have enabled threat actors and their tactics to become more sophisticated. They are moving faster and at scale, which makes it harder for organizations to keep up. Take ransomware, for example. This has become an actual economy with ransomware developers selling to affiliates and the affiliates infiltrating organizations with malware and then holding the organization’s data for ransom. We are in the age of Ransomware-as-a-Service (RaaS) – innovative, automated, scalable malware.

So what does this mean for security operations (SOC) teams? It means it’s time to fight fire with fire. Everything needs to be simplified with SOC teams leveraging tools from machine learning and AI to manual playbooks. Organizations need to look beyond traditional tools like SIEM and also consider security orchestration, automation and response (SOAR) for helping to coordinate cybersecurity responses. Make sure security validation controls, a.k.a. breach and attack simulations, are running in the background, as they provide constant feedback of any weak links in overall security measures.

Turn your SOC analysts into strategists

As I mentioned, there is too much threat intelligence. Maintaining the staff needed for the terabytes of data output each day is not sustainable. Instead of burying your best analysts under rinse and repeat alerts, you should free up their time to think more strategically. This doesn’t mean automation is a “set it and forget it” approach. Automation simply makes analysts more available to conduct the real, actionable analysis of threats. SOC teams can guide the automation and have more bandwidth to conduct the necessary deeper threat intelligence, so that they can look at where the next threat actor is going to be and what he/she might do. This ultimately increases threat surface visibility as well as reducing breach exposure time.

Be prepared for the worst

The reality is your organization will be breached at some point. Today, cybersecurity is becoming increasingly more about resilience than resistance. What you need to do to prepare now is move from a reactive to a proactive and predictive strategy. Leverage your actionable threat intelligence and consider how to manage the next inevitable breach. This is all about creating a solid incident response plan that empowers your team to identify, respond, and mitigate any given threat and then get back to business as usual as quickly as possible. This is the endgame: incident preparedness that’s strong enough to maintain business continuity even when an organization is under threat.

SolarWinds was the incident heard around the world. Then Colonial Pipeline happened. In the next 5 to 10 years, threat offense and defense are going to be completely autonomous. Things are probably going to get worse before they get better, so it’s time to prepare now. All of the tools are there, they just need to be employed and backed by a solid strategy.

And, when in doubt, consider working with a partner or advisor with cybersecurity expertise that can help you scale up or down depending on your organization’s needs and can back you up with additional arms and legs – and analysts.

I discussed this topic a bit more in depth with Devin Johnstone of Palo Alto Networks on a recent podcast. Give it a listen here.