Information overload, burnout, talent retention impacting SOC performance
John Lodge, SOC Manager at Socura, says alert fatigue is a particular problem.
“As well as causing fatigue for the analysts, repeating false positives also
draws attention from and potentially delays responses to real active threats,”
he tells CSO. The main solution to this is with effective tuning, he adds. “Key
challenges to overcoming this are getting investment from analysts to ensure
tuning opportunities are exploited as soon as possible. In cases where tuning is
not possible, automation should be used so as much manual work is taken off the
analyst as possible. Again, the challenge here is making sure the initial effort
is put in to automate these actions before the false positives build up.”
First-time fix challenges are also significant, Lodge says. “When escalating an
incident, we ideally we want to be able to have resolved the incident with the
tools and information at our disposal. In some cases, this is not possible as
further context is required.” The challenge is to ensure that, in all cases, we
have carried out as much investigation and response as possible.
Cybersecurity’s too important to have a dysfunctional team
Teamwork is an essential part of working in a business and this is just as true
of cybersecurity teams. Due to the constant vigilance required, it helps
cybersecurity professionals to know they have people around them, with whom they
can share the workload. There are five fundamental qualities that make every
team great: communication, trust, collective responsibility, caring and pride.
Everyone individually is important, but it is in coming together that they
become unbeatable. Effective teamwork begins and ends with communication. It
does not always occur naturally, but it must be taught and practised in order to
bring everyone together as one. Along with a strong and functional team, a good
leader is essential. Cybersecurity teams have stressful jobs, with the whole
company looking to them in times of crisis (which can be heighted during
economic instability). For this, the cybersecurity team requires a capable
leader under pressure to help engender trust across their staff. They must also
be able to advocate for the team if some are burnt out or require further
training.
12 things every CIO must get done in year one
Dr. George F. Claffey Jr., CIO and interim vice president of Institutional
Advancement and Strategic Partnerships at Central Connecticut State
University, says he, too, focuses on listening and building relationships. He
sees building trust as an essential extension of that work. “No one is going
to have confidence in your agenda if you can’t be trusted,” he says. To build
trust, Claffey acknowledges others’ challenges and works to fix them. “We find
the win for them,” he says, adding that he also attends meetings held by other
departments and demonstrates a genuine interest in their goals so they see
“I’m interested in not just IT but everything that’s happening.” ... To have a
successful CIO shop from the start, Jim Hall, CEO of consultancy Hallmentum,
says CIOs “need to have the right people doing the right things at the right
time, and they have to have the right skills.” To ensure they have that, CIOs
should assess their teams early on to identify skill gaps in individuals and
across teams, and then determine what measures are needed to get in place the
right people and skills doing the right thing at the right time.
5 Factors to Weigh When Building Authorization Architecture
As you succeed, you will inevitably want to start winning some larger
enterprise customers. This means working with a whole new set of authorization
challenges. When working with a transnational business — and, specifically,
working with a single department of it at first — reflecting the
organizational structure in your permissions quickly becomes a sticking point.
New requirements emerge, such as:Users should only be able to access resources
and data within their department and geography. Managers in the London office
should be able to access everything in the other U.K. offices. Heads of
departments globally should be able to do everything in all
regions. Company vice presidents want to see everything but don’t really
know how things work, so they should only have view access. Sally in the
Paris office is our superstar employee who also does work now and again for
the U.S. team, so she should have access to their account every 3rd Tuesday if
it is a full moon (might have exaggerated a bit here).
9 out of 10 banks still use mainframes. Google Cloud wants to reduce that.
Google Cloud plans to introduce what it’s calling a simpler, more risk-averse
way for enterprises to move their legacy mainframe estates to its cloud with a
new service built on technology originally developed by Banco Santander. That
service is Dual Run, and it enables parallel processing, allowing enterprises
to make digital copies of their legacy mainframe systems and run them
simultaneously on Google Cloud Platform. The service addresses a big challenge
with mainframes: the tight coupling of data to the application layer. It
allows real-time testing by customers to ensure their cloud workloads are
performing as expected, running securely, and meeting regulatory compliance
needs — without stopping an application or negatively impacting their end-user
experiences — before transitioning to GCP as their primary system. “This is a
simple concept, but hard to implement — hasn't been done so far,” Nirav Mehta,
Google Cloud’s senior director of product management for cloud infrastructure
solutions and growth, told Protocol.
The Microsoft-Cisco Teams collaboration could create an interoperability revolution
Cisco is a telecom company. It should get, even better than Microsoft, why
things in its space need to interoperate and how to differentiate on features,
capabilities, and price without locking out competing solutions. Embracing Teams
doesn’t mean it's abandoning Webex, but Webex will need to find a path to
third-party hardware or it will lose ground against options like Teams. Cisco
seems to get this, based on the statement yesterday from Jeetu Patel, executive
vice president and general manager, security and collaboration at Cisco:
"Interoperability has always been at the forefront of our hybrid work strategy,
understanding that customers want collaboration to happen on their terms —
regardless of device or meeting platform,” said Patel. “Our partnership with
Microsoft brings together two collaboration leaders to completely reimagine the
hybrid work experience.” This should help drive Cisco toward a future where
Webex and Teams could interoperate, as well, which might mean the end of
products like Zoom.
The future of low-code governance with Managed Environments for Power Platform
While the low-code concept has been around for decades, there has been an
evolution in governance capabilities and offerings. In the initial era of
low-code development, employees would build solutions in Microsoft Excel,
Microsoft Access, Microsoft InfoPath, and other tools, often hidden from their
IT departments and all governance strategies or policies. As technology matured,
many of these solutions became cloud-based and were built using a variety of
standalone providers. As each provider offered different governance
capabilities, organizations needed to face the challenge of overwhelming
low-code solution development and the expertise, specialized resources, and
additional time to train the admins on the governance tools that must be
implemented. Microsoft Power Platform allows organizations to move to the next
era of low-code governance with a central low-code platform that allows makers
to enjoy shared components and experiences.
Distributed cloud computing and its rising importance for businesses
Distributed systems mitigate these drawbacks in cloud computing by adequately
allocating the workload to pre-selected servers, typically the ones physically
nearest to clients. Soon, augmented reality, virtual reality, and the Internet
of Things (IoT) will all be used with data networks. They typically have low
latency and primarily benefit from the distributed cloud’s CDN/caching feature.
Distributed cloud computing reduces the overall resource requirements for the
central infrastructure and speeds up latency for users that need it by keeping
certain computations, data delivery, and storage local. It increases the overall
solution’s effectiveness for all users. Distributed cloud benefits with cloud
computing distributed systems include being open for purchase, allowing users to
request that some data remain within particular zones or that a specific
performance target for latency or throughput is fulfilled. These are discussed
between the client and the cloud provider in Service Level Agreements (SLA).
CIOs sharpen their mainframe exit strategies
Spangler advises IT leaders to “take an economic view” of what to migrate given
that there are still “tremendous technology capabilities” that exist on the
mainframe. “It can’t be a theoretically thing,’’ he says. “We just know for our
environment, because we’re more than a 40-year-old company … we have old
technologies we were replacing anyway, and when we looked at our enterprise
strategy, it just made sense.” Spangler says IT leaders should also keep the
principles of engineering and architecture in mind. “A lot of people are so
focused on getting rid of their mainframes they end up with mess,” he says,
adding that strong engineering and architecting upfront will help make sure you
end up with something that is modern, world-class, expandable, secure, and
modifiable. Lastly, Spangler recommends that IT leaders “continuously update
your plan because it’s a battle. It’s hard. Brutally hard. We literally
zero-base our business case on this every quarter and build from the bottom
up.’’
CISO: A day in the life
While engineering and technical disciplines are at the core of our profession,
we must effectively communicate with executives and boards of directors to keep
our companies, customers, and partners safe. We must communicate the latest
threats and regulations in the business context. Understanding potential
business risks are essential to prioritizing cybersecurity – and all – risks
accordingly. During my time as a cybersecurity consultant for a food company, I
highlighted the risk associated with credit card theft. One executive asked how
that compared to the risk the company faced if it experienced a salmonella
outbreak and a customer died of food poisoning. At the time, I had no good
answer to this question. This example shines a light on our role as business
enablers. Cybersecurity professionals are tasked with enabling our colleagues to
pursue opportunities and innovation. As guardians and protectors of our
business, we perform best by embracing that ethos within business operations,
with an eye always focused on risk management.
Quote for the day:
"I think the greater responsibility,
in terms of morality, is where leadership begins." --
Norman Lear
No comments:
Post a Comment