Orchestrate your defences against cyberattacks

Stuart Davis, Middle East director at Mandiant (a FireEye company) makes the case for security orchestration, which can accelerate and simplify the threat response process by bringing disparate technologies and incident handling processes together.

Tags: Cyber crime; FireEye (www.fireeye.com); United Arab Emirates
Davis: (Security) professionals need to strike a balance between the time spent on day-to-day tasks and higher value investigations that lead to a mitigated threat.
By Stuart Davis. Published August 9, 2017

Recent cyber-attacks like WannaCry and Shamoon 2.0 are wake-up calls for cyber security in the region. As attacks continue to grow in both volume and sophistication, the risk of a breach makes securing infrastructure and information an urgent need. Skilled attackers can now infiltrate even the most advanced digital systems and remain undetected for a considerable time, probing the network's defences, adapting to them, and finally entrenching malware.

In times like these, businesses are increasingly concerned about their ability to combat and recover from an attack. With the threat landscape continually advancing, it has become imperative to ensure end-to-end protection by carefully assessing security processes and investing in the right technologies.

Too many tools and not enough time

Most security operations centres (SOCs) must contend with a huge volume of alerts, which puts stress on understaffed teams. Too often, organisations fall back on traditional programmes in which triage and containment depend entirely on human intervention. Without the right balance between daily tasks, skilled people and automation, they face an asymmetric fight to keep the organisation safe.

Cyber security professionals must respond quickly and correctly to potentially devastating threats: a fast response can make the difference between a minor incident and a major breach. But they also need to strike a balance between time spent on day-to-day tasks and the higher value investigations that actually lead to a mitigated threat. Many analysts spend most of their time on repetitive activities, switching between multiple disparate tools to triage alerts and apply standard corrective actions for known issues.

In comes security orchestration

To stitch together the large amount of information gleaned from many different tools, organisations need a vendor-agnostic orchestration solution that lets security teams build on the investments they have already made, as well as any future security investments.

Security orchestration brings together disparate technologies and incident handling processes into a coordinated set of security actions and operational processes. It levels the playing field by accelerating and simplifying the threat response process. A properly deployed orchestration solution ultimately buys time for security professionals to focus on higher priority tasks, improves response times, reduces risk exposure, and maintains process consistency across a security programme.

Organisations often harbour a misconception about security orchestration: that the entire security process, end to end, including its decision logic, must be handed over wholesale to an automation platform. In reality, automating a task requires that it first be broken down, analysed and codified. When selecting tasks to automate, choose carefully: avoid tasks that are unnecessary or that require human judgement to drive each successive step, and focus instead on tasks that deliver high-value output and have a repetitive element to them.

A holistic approach to organisational security

The benefit of orchestration is that it is a force multiplier: it streamlines the analyst's workflow, builds immediate context for alerts, and accelerates the post-alert actions that would otherwise have to be carried out manually. Time is saved by automating security processes and keeping them procedurally consistent through technology integrations, playbooks and dashboards that let analysts investigate quickly across the infrastructure.
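The playbook pattern described above (enrich an alert with context from several tools, apply the standard corrective action for a known issue, hand everything else to an analyst) can be made concrete. The following is an added example written for this page; it is not Mandiant or FireEye code and does not reflect any particular orchestration product. The threat-intel entries, asset inventory, hostnames and IP addresses are constructed sample data, and the firewall, EDR and ticketing "connectors" are stubs that only record what they were asked to do, so the block runs offline. The point it illustrates is that the decision logic stays in the playbook, tool integrations sit behind swappable callables, and any alert the automation cannot confidently handle (unknown verdict, critical asset, connector failure) is escalated rather than dropped.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample data: what a threat-intel feed and an asset inventory
# would return to the orchestration layer after it queried the real tools.
THREAT_INTEL = {
    "198.51.100.23": {"verdict": "malicious", "family": "known-banker"},
    "203.0.113.9": {"verdict": "suspicious"},
}
ASSETS = {
    "ws-042": {"owner": "sales", "criticality": "low"},
    "db-prod-01": {"owner": "platform", "criticality": "high"},
}


@dataclass
class Alert:
    alert_id: str
    host: str
    dest_ip: str
    signature: str
    context: Dict[str, dict] = field(default_factory=dict)   # enrichment results
    actions: List[str] = field(default_factory=list)         # audit trail of what was done
    disposition: str = "open"


# Tool connectors (hypothetical stubs). Each is a plain callable so a real
# firewall/EDR/ticketing client can be swapped in without touching the playbook.
def fw_block_ip(ip: str) -> str:
    return f"firewall:block:{ip}"

def edr_isolate_host(host: str) -> str:
    return f"edr:isolate:{host}"

def ticket_escalate(alert: Alert, reason: str) -> str:
    return f"ticket:escalate:{alert.alert_id}:{reason}"

CONNECTORS: Dict[str, Callable[..., str]] = {
    "block_ip": fw_block_ip,
    "isolate_host": edr_isolate_host,
    "escalate": ticket_escalate,
}


# Playbook steps: enrich first, decide last. Each step is a function of the
# alert, so the sequence can be reordered or extended without changing the runner.
def enrich_threat_intel(alert: Alert) -> None:
    alert.context["intel"] = THREAT_INTEL.get(alert.dest_ip, {"verdict": "unknown"})

def enrich_asset(alert: Alert) -> None:
    alert.context["asset"] = ASSETS.get(
        alert.host, {"owner": "unknown", "criticality": "unknown"})

def decide(alert: Alert) -> None:
    verdict = alert.context["intel"]["verdict"]
    criticality = alert.context["asset"]["criticality"]
    if verdict == "malicious" and criticality == "low":
        # Known bad on a low-value asset: the standard corrective action needs no analyst.
        alert.actions.append(CONNECTORS["block_ip"](alert.dest_ip))
        alert.actions.append(CONNECTORS["isolate_host"](alert.host))
        alert.disposition = "auto-contained"
    elif verdict == "malicious":
        # Known bad on a critical or unknown asset: block the destination (cheap,
        # reversible) but let a human decide whether isolating the host is acceptable.
        alert.actions.append(CONNECTORS["block_ip"](alert.dest_ip))
        alert.actions.append(CONNECTORS["escalate"](alert, "malicious-dest-critical-asset"))
        alert.disposition = "escalated"
    else:
        # Suspicious or unknown: no automatic containment; hand over with context attached.
        alert.actions.append(CONNECTORS["escalate"](alert, f"verdict-{verdict}"))
        alert.disposition = "escalated"

PLAYBOOK = [enrich_threat_intel, enrich_asset, decide]


def run_playbook(alert: Alert, steps=PLAYBOOK) -> Alert:
    """Run each step in order; a failing step escalates instead of silently losing the alert."""
    for step in steps:
        try:
            step(alert)
        except Exception as exc:  # e.g. a dead connector
            alert.actions.append(
                CONNECTORS["escalate"](alert, f"playbook-error:{step.__name__}:{exc}"))
            alert.disposition = "escalated"
            break
    return alert


def triage(alerts: List[Alert]) -> List[Alert]:
    return [run_playbook(a) for a in alerts]


if __name__ == "__main__":
    sample = [  # constructed alerts
        Alert("A-1", "ws-042", "198.51.100.23", "C2 beacon"),
        Alert("A-2", "db-prod-01", "198.51.100.23", "C2 beacon"),
        Alert("A-3", "ws-042", "203.0.113.9", "rare user-agent"),
    ]
    for a in triage(sample):
        print(a.alert_id, a.disposition, a.actions)
```

Running the block triages the three constructed alerts: the workstation beaconing to a known-malicious address is contained automatically, the same destination seen from the production database is blocked at the firewall but escalated before any host isolation, and the merely suspicious alert goes to an analyst with its enrichment attached. The `actions` list on each alert is the audit trail that gives the procedural consistency the article refers to.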

Adopting security orchestration can significantly strengthen an organisation's security programme, regardless of its level of maturity. Many basic, accessible and common orchestration opportunities exist, and as they are studied, best practices become apparent. The organisation should begin with a deep understanding of its security environment, resources, risks and security goals; with that knowledge in hand, it becomes easier to identify high-priority tasks that can readily be automated.

This automation produces high-value outcomes such as reclaiming time for security experts and reducing the dwell time of dangerous cyber-attacks. As the organisation and its security team get better at selecting outcomes strategically, they can simplify and optimise the security programme and improve overall security maturity.
