The Cybersecurity Skills Shortage Impacts Security Operations

According to ESG research, 45% of organizations report having a problematic shortage of cybersecurity skills in 2017. Of course, this applies to all areas of cybersecurity, but recent ESG research shows that the skills shortage has a direct impact on security analytics and operations. The research reveals that:

  • 54% of organizations say they don’t have the appropriate security operations skills for an organization of their size.
  • 57% of organizations say they don’t have appropriate security operations staffing for an organization of their size.

Topics: Cybersecurity, SIEM, incident response, security operations, threat hunting, computer forensics

SOAPA Video with ServiceNow (Part 1)

ServiceNow in security? Yes. The company has built upon its successful IT service management (ITSM) SaaS offering to bridge the gap between security and IT operations teams in areas like vulnerability management and incident response (IR). This places ServiceNow in the catbird seat. I expect big things and great success moving forward. 

Topics: Cybersecurity, incident response, ServiceNow, vulnerability management, incident response automation and orchestration, SOAPA

Splunk on SOAPA (Part 2)

Recently, I had the pleasure of interviewing Haiyan Song, EVP of security at Splunk, about all things SOAPA. In part 2 of our video series, Haiyan aptly summarizes the current state of cybersecurity by declaring that “security is a team sport.” In other words, it takes cooperation amongst vendors, products, and infosec analysts to succeed. 

To that end, this video discussion highlights things like:

  • Splunk’s Adaptive Response. This is a Splunk customer-driven initiative which Haiyan describes as embodying the spirit of SOAPA. In essence, Adaptive Response unifies security analytics and controls and lets customers make and change enforcement decisions based upon security analytics insights rather than gut feelings or traditional security methodologies.

Topics: Cybersecurity, SIEM, incident response, SOAPA

Splunk on SOAPA (part 1)

I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.

SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:

Topics: Cybersecurity, SIEM, incident response, Splunk, SOAPA

Thoughts on Incident Response Automation and Orchestration

Just this week, I was reviewing several interviews I conducted with cybersecurity professionals on their organizations’ processes and tools for incident response (IR) automation and orchestration. Here are a few things that jumped out at me:

Topics: Cybersecurity, incident response

Incident Response Automation and Orchestration

Incident response processes can be challenging when organizations struggle to keep up with unprecedented volumes of security alerts. What’s needed? IR automation and orchestration. See my blog video below for more. 

Topics: Cybersecurity, incident response, incident response automation and orchestration

Keeping Up with Incident Response

A fire department in a large city certainly has a difficult job but its mission is fairly straightforward. When a fire is detected, the fire department dispatches an appropriately sized staff to assess, contain, and put out the fire, clean up, investigate what happened, and prepare themselves for the next blaze.

Yup, a pretty simple process when a manageable number of fires are burning but what would happen if there were hundreds or thousands of simultaneous infernos? My guess is that a senior fire chief (and perhaps other participants from local government and law enforcement) would have to make decisions on which blazes to resource and which to ignore. These decisions would certainly be based upon information analysis and best practices but there is still some risk that the disregarded fires would end up being far worse than expected, turn into disasters, and call into question the judgement of all involved.

Topics: Cybersecurity, incident response

An Abundance of Incident Response Bottlenecks

Manual processes represent a major incident response bottleneck at enterprise organizations. I'd like to share a few alarming data points from some recent ESG research:

Topics: Cybersecurity, malware, incident response

Henry Ford and Incident Response

In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so, he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to lower consumer prices. Ford solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted effort.

Topics: Cybersecurity, incident response, NIST

Cybersecurity Industry News, 2/2016

Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far:

Topics: Cybersecurity, threat intelligence, incident response, ICOPs