Cyber attackers can launch thousands of attacks daily. Many of these same attackers don't even need serious technical expertise to do so; they can simply purchase (or even rent) DIY hacking toolkits or subcontract the actual attack campaign to a hacker-for-hire. With such low entry barriers and a threat landscape that's evolving rapidly due to relatively easy access to processing horsepower and automation technologies, cybersecurity must be top of mind at any organization.
Fortunately, many new technologies are new to security operation centers (SOCs) and the teams that run them. The use of automation, machine learning' and big data has the potential to detect, analyze' and contain most threats automatically, without the need for human intervention — which leaves SOC teams with more time and resources to dedicate to hunting more sophisticated attacks. But if SOCs want to take advantage of emerging cybersecurity technologies, they'll need to rethink their playbooks and make significant changes to technology roadmaps. Why? Because innovation in cybersecurity is challenged by two seemingly conflicting ideas: it's happening too slowly and too quickly. Allow me to explain.
Some say that most recent innovation in cybersecurity industry has been incremental, not revolutionary. Specifically, the products and services currently used in cybersecurity have been around for years, and today's more advanced threats aren't going to be stopped by simply adding a few new features or performance enhancements. Slow and incremental updates to well-established cybersecurity products and services will not protect a network against today's more evolved threat landscape; the adoption of new and revolutionary technologies is required.
For others, the massive volume of innovation is paralyzing. There are so many startups touting new cybersecurity products that it's easy to become overwhelmed by the sheer number of new point products and their related concepts/buzzwords (machine learning, threat intelligence, automation, etc.). How do you figure out what the right security solution for your organization is when a new one launches every week? How easily do new products integrate into your existing security architecture? Is the product addressing a security issue that your organization is likely to encounter? How much manpower and time are involved in maintaining the new product? Attempting to answer such questions makes it easy to see why keeping up with cybersecurity innovation is such a challenge.
Here are three tips to help you strengthen your organization's security posture and stay in front of cybersecurity innovation.
Tip 1: New Technology Only Works if Implemented and Used Correctly
Having the latest and greatest technology is only effective if that technology is implemented and configured properly. When considering any new cybersecurity product, remember first principles. Go back and ask the key questions. What is your security team responsible for? Does this new product help with those responsibilities? If so, then it's worth considering implementing the product in your security architecture, and only then after extensive testing and reworking of the security workflow to ensure there are no gaps in the security posture.
Tip 2: Use "Purple Teaming" to Gain a Competitive Advantage
SOCs, traditionally run by Blue Teams, are responsible for defending an organization. Blue Teams need the right mix of tools, technologies, and people to detect, analyze, contain, and remediate attacks. In addition to these tools, Blue Teams should partner closely with Red Teams, the white-hat hackers in an organization. Red Teams can run a number of different penetration tests to provide valuable insight into what hackers can do and the latest tools and technologies they can use to infiltrate an organization's network and assets. With the two teams working together on a regular basis, called "Purple Teaming," organizations can build up strong defenses to protect against real-time threats.
Tip 3: Leverage Automation to Scale Your Threat Response
Today's evolving threat landscape requires SOCs to adopt new technologies and best practices like automation and machine learning; they remove the need for human intervention to solve more basic cyberthreats (which make up the bulk of reported attacks). Such automation will require careful configuration of foundational security elements (endpoint, threat intelligence, threat analysis, firewalls, etc.) to avoid gaps in an organization's security posture. But if done properly, it will allow the SOC to take a more proactive role in defending the network.
Rinki Sethi is Senior Director of Security Operations and Strategy at Palo Alto Networks. She is responsible for building a world-class security operations center that includes capabilities such as threat management, security monitoring, and threat intelligence. Rinki is also ... View Full Bio