Strategic Cyber Ventures has invited a number of people we admire to contribute to our blog. This week: Ronan Murphy, CEO & Founder of Smarttech and Founder of Zero Day Conference.
Maintaining a strong cybersecurity posture has become increasingly difficult for large organizations, as the numerous high-profile breaches taking place every month show. There are several reasons the cyber landscape is becoming more complex. Cyber-adversaries are becoming more sophisticated and stealthy, producing targeted attacks that often bypass traditional security controls. New IT initiatives, including cloud deployments, expand the attack surface and add complexity. And many large organizations are losing ground as they attempt to address IT risk with a collection of point solutions and disparate manual processes.
The need for a new approach to cyber protection, business enablement, and innovation is critical to combat the growing threat from cybercrime.
To deal with the escalating challenge, organizations are investing in Security Operations Centers (SOCs), either in-house or in an outsourced model. Unfortunately, traditional SOCs face a number of significant challenges when it comes to delivering adequate cybersecurity. The main problem arises when the security teams become overwhelmed with data:
The sheer volume of security data that cybersecurity analysts must try to assimilate is staggering. A typical enterprise customer generates over 200,000 security events per day, and a large portion of these turn out to be false positives. The estimated cost of dealing with those false positives is $1.3 million and 21,000 hours of analyst time. Couple the data challenge with the 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, the 10,000 security research papers published each year and the more than 60,000 security blog posts published each month, and security analysts are severely under-resourced to make informed decisions at speed. The result is alert fatigue: analysts become overwhelmed and face near-certain burnout.
The next generation of SOCs needs to be more dynamic than ever. They need to be strategic, intelligence-led and future-proof, implementing new capabilities and a new approach that makes use of big data, cognitive technologies, AI and machine learning.
New strains of malware are designed to cover their tracks and delete any trace of their existence. Such malware will aggressively seek out logging capabilities within a network and disable or delete them where it can; this behaviour is very common in new strains of ransomware. Because host logs cannot be trusted to survive, next-generation SOCs need the capability to analyze network behaviour and identify network anomalies, and this has become an important aspect of the more sophisticated SOCs. In essence, the SOC analyst analyzes the traffic patterns within an organization and builds up a picture of what normal traffic looks like on a given day, per host and per time of day. When traffic deviates from that baseline, the analyst can interrogate the spike in near real time, drilling from flow-level summaries down to layer 4 (transport) and layer 7 (application) detail. This capability has become important when tracking data flows and detecting potential data exfiltration from the enterprise.
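To make the baseline-and-deviation idea concrete, here is an added example (not code from the original post, from Smarttech or from any SOC product) of the simplest version of this check: build a per-host, per-hour-of-day egress baseline from a week of flow summaries, then score a new day against it and flag hosts whose outbound byte count is far above what they normally send at that hour. The flow records, host names, byte counts, the 4-sigma threshold and the 5%-of-mean floor on the spread are all constructed or assumed for illustration; real flow data would come from a NetFlow/IPFIX or packet-broker collector.

```python
"""Per-host egress baseline and upward-deviation detection over flow summaries.

Added example, not the original post's code. Assumes flows are already
aggregated as (host, hour_of_day, bytes_out); all sample values are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev


def constructed_training_flows():
    """Seven 'normal' days. A workstation (ws-17) is busy in business hours and
    nearly idle at night; a DB replica (db-01) sends a steady, large volume."""
    flows = []
    for day in range(7):
        for hour in range(24):
            if 8 <= hour < 18:
                ws = 2_000_000 + 150_000 * ((day + hour) % 5)
            else:
                ws = 50_000 + 5_000 * (day % 3)
            flows.append(("ws-17", hour, ws))
            flows.append(("db-01", hour, 40_000_000 + 1_000_000 * (hour % 4)))
    return flows


def build_baseline(flows):
    """Return {(host, hour): (mean_bytes, spread_bytes)} from historic flows."""
    samples = defaultdict(list)
    for host, hour, bytes_out in flows:
        samples[(host, hour)].append(bytes_out)
    baseline = {}
    for key, values in samples.items():
        mu = mean(values)
        # Floor the spread so a perfectly flat history (stdev 0) still gives a
        # finite score instead of a division by zero. 5% of the mean is an
        # assumed tuning value, not a recommendation from the post.
        sigma = max(pstdev(values), 0.05 * mu, 1.0)
        baseline[key] = (mu, sigma)
    return baseline


def score(baseline, host, hour, bytes_out):
    """Standard score of one observation against its (host, hour) baseline.
    Unknown host/hour pairs return None so they can be triaged separately
    rather than silently scored as normal."""
    key = (host, hour)
    if key not in baseline:
        return None
    mu, sigma = baseline[key]
    return (bytes_out - mu) / sigma


def detect_anomalies(baseline, observations, threshold=4.0):
    """Return observations whose egress is at least `threshold` sigmas ABOVE
    baseline. Only upward deviations are flagged: that is the exfiltration case;
    a drop in traffic is a different signal and would need its own rule."""
    hits = []
    for host, hour, bytes_out in observations:
        z = score(baseline, host, hour, bytes_out)
        if z is not None and z >= threshold:
            hits.append({"host": host, "hour": hour,
                         "bytes_out": bytes_out, "z": round(z, 1)})
    return hits


def constructed_day_eight():
    """A new day that looks normal except for one 02:00 burst from ws-17
    (assumed exfiltration of roughly 900 MB outside business hours)."""
    obs = []
    for hour in range(24):
        ws = 2_100_000 if 8 <= hour < 18 else 55_000
        if hour == 2:
            ws = 900_000_000
        obs.append(("ws-17", hour, ws))
        obs.append(("db-01", hour, 41_000_000))
    return obs


if __name__ == "__main__":
    base = build_baseline(constructed_training_flows())
    for hit in detect_anomalies(base, constructed_day_eight()):
        print(hit)   # expect a single hit: ws-17 at hour 2
```

Two caveats a practitioner would add. A mean/standard-deviation baseline is pulled toward any outliers in the training window, so if the attacker was already exfiltrating during the week used for training, the burst becomes "normal"; robust statistics (median and MAD) or a longer window with outlier trimming are the usual fix. And the baseline above only sees byte volume per host per hour; the drill-down the post describes, into destination, port and protocol (layer 4) and application-level content (layer 7), is what turns a flagged spike into a confirmed or dismissed incident.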
In summary, the SOC providers taking the lead in this space are implementing a truly strategic view, with significant investment in cognitive technologies, network behaviour tools, cyber intelligence, insider threat, red teaming, threat hunting, cyber innovation and outreach, and, overall, are constantly adapting to meet the challenges of the present and the future.