Security Operations: Best Recent Reads

To help shed light on SecOps and the issues surrounding it, this blog post offers a roundup of some of the most insightful content published in various corners of our site.


OpenText

February 24, 2023 (4 minutes read)

SecOps is the latest—and most significant—innovation for securing enterprises and minimizing risk. Here are the best recent reads on what it is, how it works, and how best to embrace it. Achmad Chadran is a Content Strategist at OpenText and Managing Editor of the online journal TechBeacon.

A SecOps reading roundup

At its most fundamental level, Security Operations, or SecOps, is the strategic partnering of IT security with operations to minimize risk while optimizing business processes.

Of course, to define SecOps is much simpler than to implement it effectively. Building SecOps teams nearly always involves bringing together professionals with different types of expertise, and goals that may seem contradictory, for a common purpose.

The field has its share of pundits and zealots, best practices recommendations, and cautionary tales. This should come as no surprise, given the high stakes enterprises have in both implementing and sustaining successful Security Operations.


The Automated Security Operations Center—Myth or Reality?

In this blog, OpenText Product Marketing Manager Steve Jones delves into the capabilities and the limits of Security Orchestration Automation and Response (SOAR), a model for automating security operations.
SOAR solutions are intended to automate the triage process by identifying the threat level, sifting out the false positives, and firing off an automated response that might block the offending IP or malicious hash, disable the user account, or delete phishing emails from users’ inboxes.

Yet, the author points out, with the current state of technology, these automated solutions—while very useful in reducing analyst workload—are not at the point where they can replace humans. Analysts are still required to observe, interpret, and react to cyberthreats and their cues.

This said, Jones proceeds to enumerate some common cybersecurity use cases that lend themselves to automated intervention. These use cases include phishing exploits, corrupted endpoints, compromised credentials, failed user logins, command-and-control activity, IP theft flagged by DLP or behavioral analytics, and ransomware or cryptojacking.
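The triage loop described above, identify the threat level, sift out false positives, then fire a response, is easy to see in miniature. The playbook below is an added illustration and is not code from the post, OpenText or ArcSight; the alert kinds, allowlists and thresholds are constructed, and it deliberately holds the disruptive action (disabling an account) for an analyst, reflecting the author's point that automation reduces workload but does not replace people.

```python
from dataclasses import dataclass

# Constructed allowlists standing in for the analyst-curated exceptions a
# SOAR platform would hold (hypothetical values, not real indicators).
ALLOWLISTED_IPS = {"10.0.0.5"}       # internal vulnerability scanner
KNOWN_GOOD_HASHES = {"d41d8cd9"}     # approved internal tool

# Responses the playbook may fire unattended. Anything else (here,
# disabling an account) is queued for an analyst to confirm first.
AUTO_ACTIONS = {"block_ip", "block_hash", "delete_phishing_email", "none"}

@dataclass(frozen=True)
class Alert:
    kind: str            # "c2", "phishing", "failed_logins", "malware"
    src_ip: str = ""
    file_hash: str = ""
    count: int = 1       # e.g. number of failed logins in the window

@dataclass(frozen=True)
class Decision:
    severity: str        # "info", "medium" or "high"
    action: str          # playbook response or "none"
    needs_analyst: bool  # True when a human must approve the action
    reason: str

def triage(alert: Alert) -> Decision:
    """Identify threat level, drop false positives, choose a response."""
    # Step 1: sift out known false positives before anything fires.
    if alert.src_ip in ALLOWLISTED_IPS:
        return Decision("info", "none", False, "allowlisted source IP")
    if alert.file_hash in KNOWN_GOOD_HASHES:
        return Decision("info", "none", False, "known-good file hash")
    # Step 2: score by use case and pick the playbook action.
    if alert.kind == "c2":
        sev, act, why = "high", "block_ip", "command-and-control beacon"
    elif alert.kind == "phishing":
        sev, act, why = "medium", "delete_phishing_email", "reported phish"
    elif alert.kind == "failed_logins" and alert.count >= 20:
        sev, act, why = "high", "disable_account", "possible credential stuffing"
    elif alert.kind == "malware":
        sev, act, why = "high", "block_hash", "malicious hash on endpoint"
    else:
        sev, act, why = "info", "none", "below automation threshold"
    # Step 3: disruptive actions wait for an analyst; automation assists, not replaces.
    return Decision(sev, act, act not in AUTO_ACTIONS, why)
```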

The Battle is Not Always Outside

This blog, penned by OpenText SecOps Solutions Principal Pranay Prakash, puts insider threats in a larger historical context that includes coups d’état and daring heists, making for a colorful and thought-provoking introduction.
The author goes on to assign culpability as much to carelessness—by employees, contractors, and third-party vendors—as to criminal malice. He frames ArcSight Intelligence, in particular, as a core solution component of Intelligent SecOps, which he presents as a response to the rampant rise in insider threat incidents: these have risen 44% over the past two years, reaching a massive global average cost to enterprises of $15.4 million.

The payoff in this well-researched blog lies in Prakash’s articulation of a 7-step program for a User Entity and Behavioral Analytics (UEBA) security solution, designed to head off insider threats no matter whether they result from acts of malicious insiders or oversights due to carelessness.

5 Things SecOps Can Learn from Dungeons & Dragons

Wrapping up this list is a terrific article on TechBeacon, “5 Things SecOps Can Learn from Dungeons & Dragons.”

Author Rik Ferguson masterfully compares building a cybersecurity team to assembling an effective adventuring party in the role-playing game, selecting from among the classes—wizards, warriors, clerics, and rogues—with the goal of counterbalancing different characters’ strengths and weaknesses. Ferguson then advises readers to approach cybersecurity the way they play D&D, as a campaign run over the course of multiple sessions.

The ever-changing threat landscape and the increasing complexity of IT environments demand that cybersecurity management be a continuous process, not a set-and-forget proposition.

The author never flags in his ability to apply D&D metaphors to SecOps best practices, drawing comparisons between a dungeon master’s omniscience and the criticality of visibility in cybersecurity, for example. Yet Ferguson draws a crucial distinction between the game and the real-world domain by pointing out that while there’s nothing to prevent a D&D player from rolling a “1” and suffering a critical failure, SecOps professionals have the opportunity to build resilience through planning for failure.

Are you a SecOps devotee?

Do you have a passion for SecOps?

If so, you won’t want to miss this on-demand webinar, “Security Operations Migrations with CyberRes ArcSight on AWS.”

The webinar features Jerry Pang, EMEA Workload Migration Program, Amazon Web Services (AWS), and Christopher Cook, Senior Product Manager, ArcSight, Cyber Security.

Click here to watch “Security Operations Migrations with CyberRes ArcSight on AWS” now.
