
Global VP of Marketing
NNT - New Net Technologies
Cyber Resilience is a question of good SecureOps, not of good tools.
It should be simple, right? Deploy the right, cool tools that the cyber security vendors promote and sit back basking in a safe and secure world!
If only that were true. Sadly, as we all know too well, incidents happen, companies still get breached and the question remains: ‘Why?’
Part of the answer is: Operations; or – to be more precise – the lack of good security operations. Cyber Security is a process, not a set of tools!
Traditional gaps still exist, for example between IT Service Management, IT Helpdesk and IT Security. ITSM needs to keep IT running, and as long as IT does run it’s fine, whereas IT Security wants to win the constant battle of keeping systems in a secure state, asking for patches and updates to be installed in near real-time, thus interrupting a running system. As their objectives differ, aligned operations are the key to increasing an organization’s cyber resilience: its ability to withstand attacks, to master the impact should one hit, and to return to a normal or even improved state.
Achieving this goal is further hindered by the existing asymmetry between defenders and attackers. In a regular enterprise you will find dozens of different devices, operating systems, applications, databases, networking devices – you name it – which have to be kept in shape by IT Security and kept running by ITSM alike. Their knowledge and ability to keep things tied together and orchestrated is stretched with each and every new system and digital process. And there will be many when a company decides to move forward into digitalization of business models and business processes.
The opposite is true for the attackers. For them it is the one vulnerable system they need to get in, to exploit and infiltrate. They can wait for a new RCE vulnerability to be published (like PrintNightmare) or use malware-as-a-service (like REvil) to come back and see whether the defenders have missed it.
A new facet of ransomware attacks appears to have established itself, born out of an ‘abundance of caution’. Companies detecting a suspected ransomware attack are opting to shut down entire global IP networks early to prevent any serious harm. It seems that organizations lack the confidence to detect a potential attack, leading to drastic – and often unnecessary – wholesale action in response, which only increases the stakes and adds to the pressure.
That is why SecureOps is needed, and why SecureOps-as-a-Service will help enterprises to increase their cyber resilience.
Secure operations need to be effective to support an organization’s cyber resilience, a fact that is supported by Ponemon research on SOCs, in which their effectiveness is still rated as low. That verdict is mainly based on a visibility problem: seeing only the important data points, and seeing them as quickly as possible.
SecureOps-as-a-Service is designed to help NNT’s customers achieve effectiveness and efficiency in their security operations. It does so by going through two stages.
In stage 1, the service will help an organization to understand the largely unpredictable element of change noise and prepare its change control best practice process to include a security perspective. Integration with existing ITSM tools or processes provides a unique view of ‘what good looks like’ as it relates to the activity we should see within our production environments. Operations providing security with invaluable insight – SecureOps!
In stage 2, the most important component of an effective Change Control operation is introduced: the closed-loop, intelligent control of all changes. Its power to automatically analyze and evaluate all change activity ensures that changes are validated as being implemented accurately, and only as approved. Arguably the only way to protect from advanced threats such as Zero Day malware is to analyze changes for authenticity. SecureOps as a Service arms you with the process and tools to make sure you are fully equipped to do so!
SecureOps as a Service is described in more detail here. It will help you in many more aspects of cyber resilience.