Dark Reading is part of the Informa Tech Division of Informa PLC

Partner Perspectives
5/25/2016
12:00 PM
Brian Dye

1 Security Incident x 4 Tools x 8 Roles = 8 Days

Collaboration can significantly improve this equation.

Collaboration may be the key to enhancing your security responsiveness, according to a recent global research report. Improving how your teams and products work together, including enhancing communication flows, fostering trust and transparency, and automating time-consuming tasks, could increase flexibility and effectiveness by 38% to 100%, depending on the size of the group. The bigger the group, the higher the potential improvement.

Our new global survey of 565 security professionals indicates a continuing need for greater effectiveness. Security operations teams are being inundated with security events as attacks and threat vectors increase in volume and variety. On average, an investigation involves people from up to eight different roles within the organization, uses four or more security tools, and takes eight days from detection to cleanup.

Ironically, the groups with more advanced threat- and incident-management solutions conducted twice as many investigations, because they had more detailed data and could detect more sophisticated and subtle attack behaviors. Almost half of those with advanced threat- and incident-management tools were nonetheless able to shorten their average investigation times.

With the number of tools and people involved, respondents indicated that collaboration could improve effectiveness. The surprise was how big an impact they thought enhanced collaboration between the security analysts, incident responders, and endpoint and network operations teams would have. Centralized orchestration among these players was predicted to deliver a 38% to 100% improvement in effectiveness. These findings are promising for anyone worried about the cyberskills shortage and our ability to combat evolving threats. We can do more with what we already have.

It isn’t just about real-time alerts and case-management workflows. Our research identified three critical areas to develop: communication, trust, and automation.

Communication

Security investigations are iterative; the next step is influenced by the situation rather than prescribed by process. There are also so many people and products involved in a typical investigation, from different sites and time zones, that any form of manual communication or integration introduces delays and errors.

Given these hurdles, developing and enhancing orchestration between security products enables a host of time-saving capabilities for the humans involved: role-specific dashboards and monitoring tools, real-time visibility, policy- and process-driven workflows, and access to current and historical event data. These, in turn, are the most significant way to reduce incident response times, because they deliver more accurate and up-to-date information and prioritize the areas in which to act.

Trust

Following closely on communication is developing higher levels of trust and transparency among teams, both internal and external to security operations. The two critical components of this are confidence that the information being received is accurate and complete, and confidence that work will get done or has been done. Leading by example is critical here: demonstrate your trust in others and avoid blame.

Having an incident-response game plan, practicing real-life scenarios, facilitating and coaching through each incident, and debriefing for the next iteration help create a positive attitude and continuous process improvement. This in turn encourages people to contribute as needed, even outside of their primary roles.

Automate-ability

Finally, the security skills shortage is not going away. Scripting critical, time-consuming local and remote tasks is a good way to start down the road of getting your security tools and systems to shoulder more of the load. Our survey found a significant willingness to automate or semi-automate many tasks that traditionally require human intervention. Some are low risk, such as clearing a browser cache or restarting a Windows service; some are higher risk, such as isolating a host, rebooting a system, or reimaging a disk. Survey respondents indicated that low-risk tasks could be fully automated, and that the higher-risk tasks could be automated with a pause for human approval. Consult the report and infographic for specific examples of automation preferences.
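The following is an added example, not code from the report or from Intel Security, of the semi-automation pattern described above: a small playbook runner that executes low-risk actions unattended and blocks higher-risk actions until a named human approval is present. The action names, the risk-tier mapping, the `Approval` record, the stand-in executors and the in-memory audit trail are all assumptions made for illustration; a real deployment would replace the executors with calls to its EDR or SOAR platform. Each approval authorizes exactly one step on one host, so an approval cannot be replayed against a second step, and any action not in the tier table is refused rather than run.

```python
"""Approval-gated response playbook runner (illustrative example, not from the report)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List


class Risk(Enum):
    LOW = "low"    # safe to run unattended
    HIGH = "high"  # requires a human approval before execution


# Assumed risk tiers for the actions named in the text.
RISK_TIER: Dict[str, Risk] = {
    "clear_browser_cache": Risk.LOW,
    "restart_service": Risk.LOW,
    "isolate_host": Risk.HIGH,
    "reboot_system": Risk.HIGH,
    "reimage_disk": Risk.HIGH,
}


@dataclass
class Step:
    action: str
    host: str
    params: dict = field(default_factory=dict)


@dataclass
class Approval:
    """A human sign-off for one action on one host (assumed record format)."""
    approver: str
    action: str
    host: str


@dataclass
class RunResult:
    executed: List[str]   # "action:host" entries that actually ran
    pending: List[str]    # high-risk steps still waiting on an approval
    audit: List[str]      # human-readable trail of every decision


class PlaybookRunner:
    def __init__(self, executors: Dict[str, Callable[[Step], str]]):
        self.executors = executors

    def run(self, steps: List[Step], approvals: List[Approval]) -> RunResult:
        result = RunResult([], [], [])
        unused = list(approvals)  # each approval may be spent on exactly one step
        for step in steps:
            risk = RISK_TIER.get(step.action)
            if risk is None or step.action not in self.executors:
                # Fail closed: an unknown action never runs, even if "low risk" by name.
                result.audit.append(f"REFUSED unknown action {step.action} on {step.host}")
                continue
            if risk is Risk.HIGH:
                match = next((a for a in unused
                              if a.action == step.action and a.host == step.host), None)
                if match is None:
                    result.pending.append(f"{step.action}:{step.host}")
                    result.audit.append(f"PENDING {step.action} on {step.host} (approval required)")
                    continue
                unused.remove(match)  # consume it so it cannot authorize a second step
                result.audit.append(f"APPROVED {step.action} on {step.host} by {match.approver}")
            outcome = self.executors[step.action](step)
            result.executed.append(f"{step.action}:{step.host}")
            result.audit.append(f"RAN {step.action} on {step.host}: {outcome}")
        return result


def demo_executors() -> Dict[str, Callable[[Step], str]]:
    """Stand-in executors that only report what they would have done."""
    return {name: (lambda s, n=name: f"{n} completed on {s.host}") for name in RISK_TIER}


def run_demo() -> RunResult:
    """Constructed scenario: one host, mixed-risk steps, one approval per approved action."""
    steps = [
        Step("clear_browser_cache", "ws-17"),          # low risk: runs immediately
        Step("isolate_host", "ws-17"),                 # high risk, no approval: waits
        Step("reimage_disk", "ws-17"),                 # high risk, approved: runs
        Step("delete_everything", "ws-17"),            # not in the tier table: refused
        Step("reboot_system", "ws-17"),                # high risk, approved: runs
        Step("reboot_system", "ws-17"),                # same approval already spent: waits
    ]
    approvals = [
        Approval("ir-lead", "reimage_disk", "ws-17"),
        Approval("ir-lead", "reboot_system", "ws-17"),
    ]
    return PlaybookRunner(demo_executors()).run(steps, approvals)


if __name__ == "__main__":
    for line in run_demo().audit:
        print(line)
```

The pending list is what a real orchestrator would surface to an on-call responder as an approval request; once the approval record exists, re-running the same playbook executes the step and the audit trail records who authorized it.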

Our survey indicates that improving collaboration across people, process, and technology can have significant benefits, connecting the tools and roles to shorten critical security operations metrics: times to detection, containment, and remediation.

For more information on how collaboration can improve your security equation, and other findings on advanced threat and incident management, download the full report How Collaboration Can Optimize Security Operations.

Brian Dye is corporate vice president in the Intel Security Group and general manager of the group's global security products at Intel Corporation. He is responsible for Intel's global corporate security product portfolio and worldwide engineering, including product ...