Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
5/25/2016
12:00 PM
Brian Dye
Brian Dye
Partner Perspectives
50%
50%

1 Security Incident x 4 Tools x 8 Roles = 8 Days

Collaboration can significantly improve this equation.

Collaboration may be the key to enhancing your security responsiveness, according to a recent global research report. Improving how your teams and products work together, including enhancing communication flows, fostering trust and transparency, and automating time-consuming tasks, could increase flexibility and effectiveness by 38% to 100%, depending on the size of the group. The bigger the group, the higher the potential improvement.

Our new global survey of 565 security professionals indicates the continuing need for greater effectiveness. Security operations teams are being inundated with security events as attacks and threat vectors increase in volume and variety. On average, investigations take people from up to eight different roles within the organization, using four or more security tools, eight days from detection to clean up.

Ironically, the groups with more advanced threat- and incident-management solutions conducted twice as many investigations because they had more detailed data and could detect more sophisticated and subtle attack behaviors. Almost half of those with advanced threat- and incident-management tools were able to shorten their average investigation times.

With the number of tools and people involved, respondents indicated that collaboration could improve effectiveness. The surprise was how big an impact they thought enhanced collaboration between the security analysts, incident responders, and endpoint and network operations teams would have. Centralized orchestration among these players was predicted to deliver a 38% to 100% improvement in effectiveness. These findings are promising for anyone worried about the cyberskills shortage and our ability to combat evolving threats. We can do more with what we already have.

It isn’t just about real-time alerts and case-management workflows. Our research identified three critical areas to develop: communication, trust, and automation.

Communication

Security investigations are iterative; the next step is influenced by the situation rather than prescribed by process. There are also so many people and products involved in a typical investigation, from different sites and time zones, that any form of manual communication or integration introduces delays and errors.

Given these hurdles, developing and enhancing orchestration between security products enables a host of time-saving human communications, including role-specific dashboards and monitoring tools, real-time visibility, policy and process-driven workflows, and access to current and historical event data. These, in turn, provide the most significant way to reduce incident response times by delivering more accurate and up-to-date information and prioritizing the areas in which to act.

Trust

Following closely on communication is developing higher levels of trust and transparency among teams, both internal and external to security operations. The two critical components of this are confidence that the information being received is accurate and complete, and confidence that work will get or has been done. Leading by example is critical here, demonstrating your trust in others and avoiding blame.

Having an incident-response game plan, practicing real-life scenarios, facilitating and coaching through each incident, and debriefing for the next iteration help create a positive attitude and continuous process improvement. This in turn encourages people to contribute as needed, even outside of their primary roles.

Automate-ability

Finally, the security skills shortage is not going away. Scripting critical time-consuming local and remote tasks is a good way to start down the road of getting your security tools and computing machines to shoulder more of the load. Our survey found a significant willingness to automate or semi-automate many tasks that traditionally require human intervention. Some are low risk such as clearing a browser cache or restarting a Windows service; some are higher risk such as isolating a host, rebooting a system, or reimaging a disk. Survey respondents showed that low-risk tasks could be fully automated, and the higher risk tasks could be automated with a pause for human approvals. Consult the report and infographic for specific examples of automation preferences.

Our survey indicates that improving collaboration across people, process, and technology can have significant benefits, connecting the tools and roles to shorten critical security operations metrics: times to detection, containment, and remediation.

For more information on how collaboration can improve your security equation, and other findings on advanced threat and incident management, download the full report How Collaboration Can Optimize Security Operations.

Brian Dye is corporate vice president in the Intel Security Group and general manager of the group's global security products at Intel Corporation. He is responsible for Intel's global corporate security product portfolio and worldwide engineering, including product ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.