State of Insecurity
Today’s enterprise security continues to be defeated by red teams, penetration testers, and adversaries alike. The 2018 FireEye/Mandiant M-Trends report found that the median time from compromise to first detection was 101 days, up from 99 days in 2016. Subsequent containment and remediation efforts then often take weeks or months to complete.
Today’s largest enterprises are deploying in-house security operations centers staffed with security experts, data scientists, and system administrators, and armed with millions of dollars in security products. Yet when faced with a targeted attack, they continue to struggle with the most fundamental requirement of cyber-security: preventing breaches.
Small and mid-sized enterprises have an even harder job. Budget constraints leave them stuck with inferior, legacy products that are ineffective at detecting today’s attack vectors, and their security and IT teams are too resource-constrained to run proper security operations practices.
Proactive Security Operations
There’s a reason that security operations has historically been so difficult. Traditional, reactive security operations starts with installing a bunch of products and then waiting for alerts to respond to. Unfortunately, this leaves security teams triaging false positives, false negatives, and irrelevant alerts. The approach is both expensive and ineffective at stopping breaches.
Proactive security operations addresses these challenges by combining continuous, real-time security analytics with security automation. This lets security teams focus on automating work-flows, threat hunting, and breach simulation, and the resulting situational awareness gives them the ability to predict, detect, and respond to security events more efficiently than ever before.
Hiring the right people to staff a security operations center is critical to its success. The cyber-security landscape is constantly evolving, with new attacks on the offense side and new assets on the defense side. Migrating to proactive security operations requires additional specialized skills in automation and threat hunting.
- Penetration Testers – Understand and simulate the latest attack vectors, enabling more effective resilience hardening.
- Threat Hunters / Forensic Analysts – Understand the indicators of compromise (“IOCs”) used to detect and respond to security incidents.
- Automation Engineers – Design and implement automation playbooks and automated breach simulation to scale operations tasks more efficiently.
People should be coordinated by a process that makes them more efficient and effective. Proactive security operations is best complemented by an Agile development process, since it provides a continuous, repeatable, and scalable framework to follow.
- Agile Kanban – A Kanban board to plan, track, and execute security operations activities.
- Threat Hunting – Combining automated and manual threat hunting uncovers threats faster and more effectively.
- Security Automation – Automating containment and remediation work-flows blocks attacks in real time without impacting availability.
Technology is the key to unifying people and process. In cyber-security, however, it can also add enormous expense and complexity. Fortunately, the migration to cloud-delivered security platforms has enabled companies like DarkBytes to unify an entire security operations center into a single endpoint sensor. Unified platforms lower the cost of ownership and provide a single pane of glass for security operations teams.
- Visibility – Continuous, time-series endpoint and network visibility.
- Threat Hunting – Manual and automated threat hunting without endpoint impact.
- Real-time Automation – Automated containment and remediation with optional human intervention.
- Vulnerabilities – Authenticated, real-time vulnerability scanning for CVEs, mis-configurations, and exposures.
- Compliance – Track hardening compliance for standards such as CIS, NIST, and STIG. Report against compliance standards like PCI, HIPAA, and NIST.
Proactive security operations can make your enterprise more secure without the typical cost of a security operations center. Unifying people, process, and technology is a game changer in solving the most important cyber-security business case – preventing a breach.
Please reach out to see how DarkBytes is transforming security operations to prevent incidents from turning into breaches.