The answer to today's risks
Added Monday 16 May 2016
The IT Insider talked to cyber-security specialists Honeycomb Technologies about how businesses can arm themselves against modern day threats – maintaining control through automated and orchestrated security tasks.
Today’s biggest security challenge
In today’s digital world in which the sophistication and frequency of cyber attacks is hitting the headlines on an almost daily basis, security teams are being inundated with information from Security Information and Event Management systems (SIEMs), firewalls, scanners and a whole host of other security solutions – each with their own form of alerts and reporting. Whilst this information is undoubtedly valuable, the volume of data that needs to be searched through is increasingly problematic for security teams that have limited resources available to deal with each incident. The increasing number of point security tools also means that there’s often a lack of integration with the organisation’s existing infrastructure, resources and processes – exacerbating the problem even further.
Speed is of the essence
According to a recent report by the SANS™ Institute, today’s cyber criminals have learned to be patient rather than taking the traditional ‘hit and run’ approach – harvesting more data and having a significant security and financial impact. Because of this, organisations need to detect and respond to incidents as quickly, efficiently and accurately as possible to minimise the data loss, impact on customers and subsequent regulatory penalties. Of the 507 respondents to the SANS 2015 Incident Response Survey:
- 36% spend an average of 24 hours or less to remediate an incident
- 51% take more than 2 days to remediate
- 66% cited a skills shortage as an impediment to effective incident response (IR)
- 45% cited a lack of visibility into events across a variety of systems and domains
- 37% are unable to distinguish malicious events from non-events
Overall, the results revealed an increasingly complex response landscape and the need for automation of processes and services to provide visibility across systems and best practices for remediation.
Clarity is key
To deal effectively with the constant flow of incidents and alerts, security teams need a new way to orchestrate incident response and management across their organisation. The first stage is to clearly define what constitutes an incident and then clearly communicate the process for handling it throughout the company and if necessary, across third party organisations. The next step is to automate the orchestration of security tasks to accelerate and improve the decision-making process.
Integration is essential
By integrating incident management and incident response systems – bringing all the disparate tools into one platform – the whole security process can be streamlined, creating cohesion throughout the organisation. However, it’s essential to ensure that you invest in an open, industry-standard platform that will integrate seamlessly with both existing and future investments.
SOCAutomation is an IT Security automation and orchestration platform that transforms incident response. This platform-agnostic solution integrates all existing and future security products, bringing them into one security fabric. SOCAutomation combats the growing complexities of information security alongside the sophistication of cyber criminals, streamlining security processes and enhancing capabilities.
Automation and orchestration technologies should now be an integral part of any organisation’s security strategy. These technologies address the increasing skills gap and the rise in complexity of incidents – ensuring that a business understands which risks to focus their resources on.