What is time? Isaac Newton believed it is absolute, while Albert Einstein proved that it is relative.
Cyber security practitioners should listen to Einstein. When an attack occurs, time is relative to the scale of the attack. Every second counts.
This is the concept of time-based security, which leaders can use to evaluate the effectiveness of an organisation’s cyber protection. There are two parts of this concept: Protection Time (PT) – the time when an agency is safe, and Exposure Time (ET) – when an agency is under attack.
If Protection Time is greater than Exposure Time, the security procedures are effective and in place. Time is the best way to understand how to manage risk and resource allocation.
The risks are well understood. Cyber damages will hit $6 trillion annually by 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures.
How can you increase protection time? Look at three areas, says Micro Focus: people, processes, and technology.
People and the War for Talent
By 2021 there will be a global shortage of 3.5 million cyber security staff. Agencies are in a war for talent. How can they win this never ending gladiatorial contest?
Having the right people in place is a bedrock requirement for success in a security operations centre (SOC), and 58 per cent of respondents to the 2019 SANS Institute’s SOC survey said that the top barrier to SOC excellence is a lack of skilled staff.
Five steps can make a difference: staff your organisation to handle the volume and velocity of events; give appropriate training and certifications; reduce your false positives by ensuring that you understand your own threat landscape; created detailed documentation to make life easier; and have a clearly defined career path for all staff to ensure they stay.
Another top tip is to look for people with diverse backgrounds, such as database administrators or application developers. This gives your SOC staff different viewpoints and a breadth of skills and experience, while expanding your access to a broader pool of candidates in a tight job market.
Can you repeat that?
Process is the missing piece of the puzzle for many SecOps teams that Micro Focus has consulted in the past year. In particular, turnover of skilled individuals who have memorized but not documented key systems can cripple SOC capability.
The most successful SOCs are using an adaptable, portable, and operationally integrated process and procedure knowledge management system, Micro Focus says. Managers should measure staff contributions to this documentation as one of their key performance indicators.
Technology to the Rescue
As new technologies such as artificial intelligence, entity behaviour analytics, and security orchestration and automation tools appear on the market, SecOps leaders will want to use them to alleviate their challenges.
Be warned: these will not solve existing problems. The SOC must first have the proper foundation in people and processes to use new tools.
Identify your security cases, and then select the right tools to meet them. As you document those use cases, you’ll improve your processes and build a greater knowledge bank for your staff. You will also allocate resources properly to new tech.
That’s how to increase protection time. But how can you reduce exposure time?
Enter the 4Ds: Deter, Detect, Delay, and Deny. Make sure you have a secure-enough system that the risk of hacking it appears too great. Invest in good quality surveillance systems so that your team is on top of the risks. Ensure that you can delay hackers getting to sensitive information so that your SOC can respond during an attack. And Deny hackers the ability to cause you damage through good processes and well-trained staff.
The role of SecOps is changing and growing in importance. The development of security fusion centers is a continuing trend for many enterprise security operations organizations, according to the Micro Focus 2018 State of Security Operations report.
One SOC to rule them all
Traditionally, businesses would assume a ‘One SOC to Rule Them All’ approach, which works particularly well in decentralised organisations and those that have grown quickly through M&A activity.
Over the past two years, these centres have evolved. The new form includes teams that combine data security monitoring with incident response and compliance for GDPR. Data breach monitoring is a must for any organisation working in the United States or the European Union, or with clients in those jurisdictions.
Micro Focus has one of the largest portfolios in the industry to address the security, risk and governance needs across your enterprise. From analytics to encryption and data masking, there are plenty of tools at your disposal to fit the 4Ds and ensure that your protection time is greater than the exposure time.
To find out more, download the Micro Focus 2019 State of Security Operations Update for the latest insights, trends, and success stories.
Micro Focus is at GovWare booth #F17 on 1-3 October 2019.
GovWare is the region’s most established premier conference and showcase for cybersecurity, and is the cornerstone event of Singapore International Cyber Week. GovWare 2019 is taking place from 1 – 3 October at Suntec Singapore Convention & Exhibition Centre. Register for the event here.