Time to fight fire with fire: simplify everything using technology and tools such as machine learning, AI, and manual playbooks.

By Scott Dally

It seems lately like organizations can't catch a break. The bad guy is always one step ahead, if he hasn't completely left the targeted company in the dust. And there is no sign of the threat landscape calming down anytime soon. According to NTT's Global Threat Intelligence Report, cyberattacks increased by 300% this past year. On top of that, security operations teams are overwhelmed with too many alerts to analyze; there is simply too much data to get through. Meanwhile the bad guy is getting smarter. And faster. But there are steps that can be taken to get ahead, or at least to catch up.

Automate, automate, automate

The bad guys are already innovating. Advances in computing power have enabled threat actors and their tactics to become more sophisticated. They are moving faster and at scale, which makes it harder for organizations to keep up. Take ransomware, for example. It has become an actual economy: ransomware developers sell to affiliates, and the affiliates infiltrate organizations with malware and then hold the organization's data for ransom. We are in the age of Ransomware-as-a-Service (RaaS): innovative, automated, scalable malware.

So what does this mean for security operations (SOC) teams? It means it's time to fight fire with fire. Everything needs to be simplified, with SOC teams leveraging tools ranging from machine learning and AI to manual playbooks. Organizations need to look beyond traditional tools like SIEM and also consider security orchestration, automation and response (SOAR) to help coordinate cybersecurity responses. Make sure security validation controls, a.k.a. breach and attack simulations, are running in the background, as they provide constant feedback on any weak links in overall security measures.

Turn your SOC analysts into strategists

As I mentioned, there is too much threat intelligence. Maintaining the staff needed to work through the terabytes of data output each day is not sustainable. Instead of burying your best analysts under rinse-and-repeat alerts, you should free up their time to think more strategically. This doesn't mean automation is a "set it and forget it" approach. Automation simply makes analysts more available to conduct the real, actionable analysis of threats. SOC teams can guide the automation and have more bandwidth to conduct the deeper threat intelligence work that is needed, so that they can look at where the next threat actor is going to be and what he or she might do. This ultimately increases threat surface visibility and reduces breach exposure time.

Be prepared for the worst

The reality is that your organization will be breached at some point. Today, cybersecurity is becoming increasingly about resilience rather than resistance. What you need to do to prepare now is move from a reactive to a proactive and predictive strategy. Leverage your actionable threat intelligence and consider how to manage the next inevitable breach. This is all about creating a solid incident response plan that empowers your team to identify, respond to, and mitigate any given threat and then get back to business as usual as quickly as possible. This is the endgame: incident preparedness that's strong enough to maintain business continuity even when an organization is under threat.

SolarWinds was the incident heard around the world. Then Colonial Pipeline happened. In the next 5 to 10 years, threat offense and defense are going to be completely autonomous. Things are probably going to get worse before they get better, so it's time to prepare now. All of the tools are there; they just need to be employed and backed by a solid strategy.

And, when in doubt, consider working with a partner or advisor with cybersecurity expertise that can help you scale up or down depending on your organization's needs and can back you up with additional arms and legs, and analysts.

I discussed this topic a bit more in depth with Devin Johnstone of Palo Alto Networks on a recent podcast. Give it a listen here.