Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Ask The Experts

7/1/2019
09:00 AM
Paul Kurtz
Paul Kurtz
Edge Ask The Experts
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

How Can I Protect My Company Without a Security Staff?

Question: I'm an IT person in a midsize company without a security staff. I'm concerned about all the cyberthreats I hear about, but I don't know where to get new threat information or how to determine which threats might affect my specific organization. Can you help?

Paul Kurtz, co-founder & CEO of TruSTAR: In an ideal world, every company would build and maintain a threat model unique to that company based on its business profile, assets, operation location, etc. However, this a challenge even for large, mature teams to accomplish. 

Without a security staff, companies may struggle to appreciate the ROI of paid commercial intelligence feeds and be overwhelmed by the volume of open source intelligence. These challenges begin to diminish once a threat model is established and organizational capabilities to select and curate intelligence matures. 

While every company's threat model is unique, there should be a significant degree of overlap with industry peers. You can identify and operationalize relevant threat intelligence by joining a sharing community, like an ISAC or ISAO. Correlating this shared industry intelligence with internal security events and alerts from MSSP providers, SIEMs, phishing emails, and case management systems is the ideal spot to begin understanding what industry threats are directly relevant based on that overlap.

This can occur in two ways: one, consuming community intelligence into a SIEM and case management tool, and, two, sharing out suspicious email and events back to the community to determine if anyone else observed the threat as well and can add more context.

What do you advise? Let us know in the Comments section, below.

Paul Kurtz is the CEO and cofounder of TruSTAR Technology. Prior to TruSTAR, Paul was the CISO and chief strategy officer for CyberPoint International LLC where he built the US government and international business verticals. Prior to CyberPoint, Paul was the managing partner ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/8/2019 | 4:10:11 PM
Advice on Protecting company w/o a Security staff
I would say the following:
  • Outsource the security aspects to a third-party organization who has a strong track record
  • Place most of the solutions in the cloud where the applications are managed and maintained in the cloud using SaaS (Software-as-a-Service), similar to O365 and Google Apps
  • Implement an automated solution where ML (Machine Learning) comes into play. Watson, Sophos Intercept X and Extremenetwork Netsight Atlas can help where they can make decisions on their own, there may need to be some (very little intervention) but it can be done (automate, automate, automate).
  • Optional - take the internal employees and make them weaponized security fellows, bring in security consultants until they are up to par. I have even talked about bringing in White-Hat Hackers (i.e. Kevin Mitnik) to help address some of your short-comings.

Todd
The Edge Cartoon Contest: Need a Lift?
Flash Poll