Having travelled throughout the world in my professional capacity and personally experienced a diverse range of reactions to cyber defence – from highly engaged to relative indifference – I am acutely conscious of how the threat environment is posing such dangers to today’s organisations, particularly as those threats grow increasingly complex and widespread.
So, what have my observations demonstrated to me? That too often security is still viewed as a cost, rather than a protection, centre. In what is becoming an ever more unstable cyber world - that has to change.
The more aware and reactive organisations are looking to create powerful cyber defence systems – or Security Operations Centres (SOCs) – that will protect their operations. And that means building in resilience with cyber intelligence. In other words, these foremost enterprises recognise that treating security as a mixture of disparate technologies, expected to interact and keep you safe, is not the way forward. Instead, a SOC approach ensures the integration of an organisation’s technology and intelligence as a unified and highly effective whole.
There are several elements that must drive such a strategy in order to get it right:
GLOBAL THREAT INTELLIGENCE– with GTI, enterprises not only have recourse to a global database that is a repository of all of the threats that are taking place, anywhere and at anytime, but also to the analytics behind that to determine when a threat is viable, as opposed to when it is not (false positive or true positive).
DETECT– this is about empowering an enterprise to gain visibility of their environments by taking that global data and running it through a far-reaching process of collection and analysis, as well as vulnerability management. That way, they can make sense of all the global data received from external parties and, within their own environment (i.e., locally), combine these into a holistic view of their security posture. That delivers a ‘single pane of glass’ to see through, so organisations have the right levels of security knowledge in place at all times.
PROTECT– with real-time monitoring and detection in place, organisations need a solution that can make changes on the fly. So, if they are under attack, they must have the capability in place, in the form of technology and/or people and process that will apply specific security controls on their devices to block a threat immediately. Advanced Threat Protection (ATP) will, for example, do this proactively.
RESPOND– a key part of the protection mechanism is integration with Incident Response. This means having the appropriate levels of control to allow, or prevent, access to an organisation’s information; or to information that has been received. Is the technology in place sufficient to support that process? Essential to this is having the right people who can put those parts of the jigsaw together to give the business the full picture. At Symantec, for instance, we have an incident response team with exactly those skills that can be deployed within 24 hours to just about anywhere in the world.
IMPROVE– with all of the above elements wholly active, this is the final factor. One key area of ‘Improve’ is focusing on the organisation in general and its employees through a security awareness or simulation programme as the essential component that delivers continuity and development. The other area is governance. In other words, organisations must identify what kind of compliance they have within their environments, in order to ensure they are abiding by whatever standards the business has established, in terms of cyber security.
Ultimately, all of this feeds back into a Global Threat Intelligence fusion capability. And what that comes down to is a highly skilled team controlling an organisation’s cyber defences, empowering it to implement new projects within a safe, secure setting. And that comes back, full circle, to having that global view: the right level of intelligence that lifts you beyond simply local knowledge and awareness into an elevated position of real advantage.
