A data-driven approach for more proactive cybersecurity

By Splunk

Robert Pizzari, Vice President of Security, APAC at Splunk, speaks with GovInsider on how Splunk can help make cybersecurity a more proactive effort.

Security teams are spending more of their time reacting as opposed to prepariing.. But a data-driven approach may help to turn the tides. Image: Canva

As organisations grow increasingly digital, so do the challenges that security teams are facing. The pandemic too has introduced a new layer of complexity as workplaces across the globe move remote or hybrid.

The numbers are telling.

Software provider Splunk’s recent State of Security Report 2022 found that nearly 50 per cent of organisations reported suffering a data breach over the past two years of the pandemic, up from less than 40 per cent the year before. Yet, many of these were threats drawn from traditional playbooks, including ransomware and business email compromises as a result of phishing attacks or access control breaches.

Why is this the case? Security teams are consistently operating in a reactive mode instead of a proactive approach, says Robert Pizzari, the Vice President of Security, APAC at Splunk.

Of over 1,200 security leaders surveyed in the report, researchers from Splunk found that 28 per cent of security teams are spending their time fighting crises (up from 26 per cent last year).

The reason? Nearly one-third of security teams are citing challenges like overwhelming tool complexity, hiring or retention challenges, as well as cloud complexity and a lack of visibility. All these factors are compounded by the global talent shortage, with 73 per cent of the respondents reporting that their burned out colleagues have quit the industry.

Amidst this cyber landscape, what are the tools that can help security teams do their work better, retain talent, and adopt a proactive posture? GovInsider speaks with Pizzari to find out.
1. What are some technology tools that can support CISOs in streamlining their jobs and help them respond to cyber threats more proactively?
It is no secret that the majority of cybersecurity professionals are struggling to keep up with an overwhelming workload and find it the most stressful part of their job. This workload can be counted in the hundreds – or even thousands – of alerts per day that demand prioritisation, investigation and response.

In our conversations with security professionals, we’ve found a few common factors that are hindering them from being more proactive with cybersecurity.

  • too many alerts turn out to be false positives;
  • post investigations and new alerts are not automatically folded into existing incidents;
  • it requires manual effort to combine multiple alerts into a single incident.
The solution? Security orchestration, automation, and response – more commonly known as SOAR.

Take Splunk’s Security platform for instance. We can help to provide SOAR capabilities that allow security analysts to work smarter through automation. Our platform helps security professionals to automate repetitive tasks and create automated alert triages, allowing them to prioritise which security incidents require a quicker response.

This can help them to increase productivity, efficiency and accuracy while strengthening cyber defences by connecting and coordinating complex workflows across their team and tools.

Our customers have reported benefits including numerous hours saved per week, reduced time to open security incident tickets, and automating investigative processes.

We also support a broad range of Security Operations Centre functions including event and case management, integrated threat intelligence, collaboration tools and reporting.

2. We’re glad to hear that there are security tools in place that can help security professionals alleviate their workload. What about in the face of more advanced threats? How can advanced analytics tools discover threats that traditional security tools may not be able to capture?

Advanced threats are elusive. Without comprehensive security monitoring and data-centric analysis, these threats may otherwise go unnoticed — damaging your business reputation and finances.

Advanced analytics tools can help prevent breaches with behaviour-based detection. These tools have several functions:
  • Spotting anomalies quickly and stopping any potential threats before they damage IT systems
  • Transforming past data into action to uncover stealthy adversaries
  • Automating threat detection and resolution
A great example of this in action can be seen at the Hong Kong Internet eXchange (HKIX) — one of Asia-Pacific’s largest internet exchange points supporting fast and easy interconnections among local and international networks.

The organisation wanted to move from reactive to proactive security and turned to  Splunk Cloud to provide a robust visualisation of their security environment. Splunk Cloud analyses system behaviours and monitors logs in real time to track anomalous trends, offering instant visibility into system operations and stopping issues before they turn into outages or crises.

3. What makes Splunk’s Security tools unique?

Our importance has been most evident in my conversations with Chief Information Security Officers. Security is a data problem, and they recognise that Splunk is able to help overcome that problem. Our tools are able to operate in extremely complex environments, and help make that simpler for rapid action by security teams.

With Splunk, you can:
  • Have end-to-end visibility to quickly detect malicious threats in your environment
  • Break down data silos and gain actionable intelligence from multi-cloud and on-premises deployments.
    • This information can help security teams investigate and act quickly across massive data sets like logs, metrics and traces. Organisations can gather all the context they need and initiate flexible investigations with security analytics at their fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue 
  • Have rapid threat detection
  • Defend against threats with advanced security analytics, machine learning and threat intelligence that provide high-fidelity alerts to shorten triage times and raise true positive rates.
    • Splunk’s built-in automation and orchestration capabilities, enhanced by AI/ML, accelerates organisations’ ability to translate insights into action at scale  
As an example, we’ve helped the Gold Coast City Council in Australia gain real-time visibility into their IT environments. The Council is Australia’s second largest local government with 3,900 staff that provides a range of facilities and services for residents and visitors, from water and waste management to events. With Splunk’s observability platform, the Council could then mitigate their security risk amid a heightened threat environment when the city held the Commonwealth Games.

4. What is something we can look forward to seeing from Splunk at GovWare 2022?

Splunk is proud to be the main sponsor of 2022 Singapore Cyber Conquest.

Held at the Singapore International Cyber Week 2022 (SICW), happening in conjunction with GovWare, the event will feature Splunk’s popular Boss of the SOC (BOTS), a blue-team, capture-the-flag-esque activity. Loved by more than 12,000 enterprises and 50,000 participants over the last seven years, Cyber Conquest will introduce BOTS to 60 participants across nine ASEAN countries.

The event will see participants receiving training in threat hunting and investigative skills before competing against each other. It has been a great way to help upskill security professionals and to groom our future tech talents. I am excited that the champions of this year’s Cyber Conquest will get an all-expense paid trip to Las Vegas to attend Splunk’s annual user conference, .conf23.

Join Splunk at GovWare 2022! Catch them at Booth R22 to find out more.