Today, CISOs face three primary challenges that prevent them from optimally protecting their organizations. First is their tie to current technology, which often suffers from complexity and siloed operations that prevent automation. These issues slow down the security operations center (SOC) team, which in turn slows the response to attacks.
The second challenge is process-related. Automating in pockets is easier, but to automate from start to finish, you need to understand the automation flow. Many organizations struggle to define the right process within their teams, technology stacks, and across users and suppliers.
A lack of skilled people is the third challenge. There simply are not enough people to support what organizations need to do in terms of security even with automation.
Security teams facing these challenges should focus on better decision making, prioritizing endpoint security, and including security services in their strategy planning to improve early detection and mitigate workforce shortages.
Focus on better decision-making
CISOs need to focus on centralizing decision-making and automating real-time execution. An integrated cybersecurity platform that is proactive and dynamic can address unknown threats as they appear. With this type of platform, CISOs can focus on using what they have to the fullest extent possible. Many times, an incident response (IR) team works to mitigate an event only to learn that the right technology solutions are in place but were never tuned to full capacity or calibrated to work together. If technology isn’t implemented at its full scale and capabilities, it won’t provide the detection and protection the organization needs.
When CISOs are evaluating technology to be added into the security stack, the assessment should have an end goal of enhancing synergy and automation. Solutions should have a centralized knowledge base and the ability to create a self-defending security process through automation.
Prioritize endpoint security products
Organizations need to invest in modernizing their endpoint security. They should employ a complete endpoint security solution that is integrated into a holistic ecosystem of security solutions, such as SD-WAN, SASE, and EDR. Endpoint security also needs to be expanded across the network and the cloud with solutions placed in key locations. The most impact against unknown threats comes from behavior-based modeling, advanced machine learning, and on-the-spot remediation capabilities.
Although ransomware has rightfully received a lot of attention, it’s important to remember that in most cases, ransomware is the second stage. CISOs should first look at the vulnerabilities that are exploit targets. Many vulnerabilities are device-centric, whether on user devices or on servers that can accept agents. All of these devices should have endpoint security solutions. In most cases, IoT and OT devices are “unseen,” unmanaged, very old or very new, and harder to patch, which makes them targets for exploitation. Look for technology that can handle unknown threats and devices, and invest in segmentation that supports visibility and enforcement as close to the protected assets or applications as possible.
Be sure to prioritize products that deliver unification and correlation of security (and traffic) data across the entire infrastructure. This data set acts as the base for comprehensive visibility, detection, and enforcement that is facilitated by machine learning. Whether it’s called extended detection and response (XDR) or security information and event management (SIEM), having a product that delivers unified data sets is important. Once you have unified data, you can apply layered automation through security orchestration, automation, and response (SOAR).
To save the most time and money on protection, invest in early detection. Like everything in life, the earlier you detect and prevent something, the better off you’ll be. A number of new technologies focus on early detection. For example, external attack surface management previews how your organization appears to an attacker when they do a “scan” to determine if an attack is worth it. Using this technology, you can remediate issues before an attack. Solutions usually combine artificial intelligence (AI)-based processes with human-based services for takedown. For organizations that are concerned about their brand and its usage in attacks, consider adding brand protection capabilities, which monitor your online presence for fraud activities in your name. Identification of lateral movement and “not so silent” activities inside your network can help stop attacks in their tracks. Technologies like deception and network detection and response (NDR) are key in identifying and preventing under-the-radar activities that may appear legitimate, but aren’t.
Continuing innovation on the attacker side keeps everyone in security on their toes, so CISOs should look for technology that can detect unknown risks based on behavior in addition to other techniques. The detection data then needs to transition into automated action for prevention in near real-time. With that in mind, make sure that new solutions integrate with everything else in your stack to create a self-defending ecosystem.
Include security services in strategy planning
When planning the services to prioritize, put early detection at the top of the list. Preventing attacks early saves time and resources and can reduce risk. Most vendors offer security services for their products, and with cloud-delivered security, they can innovate more quickly.
An information-sharing service can bring information to and from the cloud, so it can coordinate content between multiple locations, products, and devices in an organization. In much the same way you can coordinate apps across your Apple Watch, iPhone, and computer, cybersecurity solutions can work from a common knowledge base to close security gaps. To protect against cyberattacks across a larger community, services can share the data from one organization facing an attack with others to prevent the attack before it arrives. The attack then only succeeds once, and zero-day spread is mitigated more quickly.
Solve the people problem with services
As CISOs work to unify and automate SOC processes, the cybersecurity skills gap can hold them back. How can teams who can’t hire people fast enough tackle escalating cybersecurity needs? Professional services purchased from a security vendor or MSSP can help augment a SOC team by offloading daily tasks from the security teams to the vendor. Doing so frees up the SOC team to work on high-priority strategic tasks as well as assessments, training, and preparation. Incident response and assessments are also often outsourced to provide customization and specialization.
However, to solve the cybersecurity skills shortage, the industry needs to commit to building training programs and education opportunities to help foster a future workforce of skilled cybersecurity professionals.
CISOs and their SOC teams have to address multiple priorities at once. Between complex technology and a cybersecurity skills shortage, it can be difficult to know what to do first. By offloading some of the workload, even on a temporary basis, automating processes, and training employees, you can assess, regroup, and create a solid security strategy that focuses on risk reduction.
Learn more about how Fortinet’s team of cybersecurity experts can help you enhance, automate, and outsource critical security functions to keep your organization secure.
Copyright © 2022 IDG Communications, Inc.