security operations centres, Hewlett Packard Enterprise Discover 2016 London.
In a few instances, organisations have gone as far as opting for open hunt as the sole means for detection and response, while eliminating SIEM-based real-time monitoring efforts. Many of these organisations were frustrated by security operations that were difficult to staff and not producing the expected value, and thus decided to try something new. The result? More of the same.

"Searches that return data from misconfigured applications and systems, but not much in terms of useful results about threats to the organisation," reveals HPE. "The maturity of these organisations actually regressed and risks increased, as response to known-bad threats slowed and decreased in consistency. In most cases, the operational context of the previous solution was lost in the transition to a new approach."
EARLY ADOPTION OUTCOMES

While most organisations in the early adoption phase of this emerging area of security operations are experiencing mixed results, some have successfully added threat hunt capability to their security programs in ways that complement existing real-time operations.

"HPE is working with organisations that have leveraged the mature methodologies that made their SOC programs successful and expanded those lessons learned into threat hunt."

Here are some other key observations from HPE's findings:
- Complete automation is an unrealistic goal. A shortage of security talent remains the number one concern for security operations, making automation a critical component for any successful SOC. However, advanced threats still require human investigation and risk assessments need human reasoning, making it imperative that organisations strike a balance between automation and staffing.
- Focus and goals are more important than size of organisation. There is no link between the size of a business and the maturity of its cyber defence centre. Instead, organisations that use security as a competitive differentiator, for market leadership, or to create alignment with their industry are better predictors of mature SOCs.
- Hybrid solutions and staffing models provide increased capabilities. Organisations that keep risk management in-house and scale with external resources, such as leveraging managed security services providers (MSSPs) for co-staffing or in-sourcing, can boost their maturity and address the skills gap.
As organisations continue to build and advance SOC deployments alongside the evolving adversary landscape, a solid foundation based on the right combination of people, processes and technology is essential. To help organisations achieve this balance, HPE recommends:

- Mastering the basics of risk identification, incident detection and response, which are the foundation of any effective security operations program, before leveraging new methodologies such as hunt teams.
- Automating tasks where possible, such as response automation, data collection and correlation, to help mitigate the skills gap, while also understanding the processes that require human interaction and staffing accordingly.
- Periodically assessing organisations' risk management, security and compliance objectives to help define security strategy and resource allocation.
- Considering a hybrid staffing or operational solution strategy that leverages both internal resources and outsourcing to an MSSP, where organisations need to augment their security capabilities but are unable to add staff.
There will be great challenges ahead this year and beyond, adds Matthew Shriner, with further adoption of the new style of IT, adherence to new regulations such as GDPR, an increase in politically motivated attacks and more. "I remain steadfast in the belief that organisations' best defence will be to remain steady with their security operations foundations. Focus on the people. The people will drive the process and the process will ensure the most effective use of the technologies.

"Excel at the basics and enhance capabilities with analytics to uncover advanced attacks with greater visibility across the organisation, providing confidence for your business to innovate securely," he advises.
computing security Jan/Feb 2017 @CSMagAndAwards www.computingsecurity.co.uk