This article was originally posted on Security Info Watch. Read the original article here.
Modernization has been at the forefront of technology industry conversations for years, but even more in the last couple of months as issues with Southwest Airlines and the Federal Aviation Administration exemplified the real-world impacts of outdated software. Software that wasn’t designed to meet modern travel requirements and the breakdown of a key computer system breakdown left airline crews and passengers frustrated, stranded, and helpless. These high-profile outages are just the latest example of technology nearing the end of its life. These programs were developed decades ago when the problems and solutions differed significantly from today.
We’re reaching the same breaking point in cybersecurity. We all know Security Operation Centers (SOCs) are overwhelmed, making it difficult to keep up with the changes that come with increasingly complex IT environments. Something has to give. Security leaders and teams areshifting how their organizations approach security, but not without much pain. Changing an approach or underlying foundation is difficult, but it is necessary to start taking steps to face the challenges. Small shifts now can protect organizations from having to make very large, almost impossible, forced changes later.
It is more crucial than ever for security teams to re-architect core security operating infrastructure and prioritize SOC modernization to face the challenges of today and tomorrow.
Make Sure Your Processes and Tech Aren’t Working Against You
IT teams have been accelerating the move to cloud application development and deployment, which heightens the need for security to re-architect core operating infrastructure to address the evolving threats of a cloud environment. Teams are being bogged down trying to simultaneously manage security alerts and tuning and maintaining the rules generating them with figuring out different platforms and tools. Teams are stretching themselves to be tool experts, security experts, and data experts. Attackers exploit these changes to leverage weak links and introduce new threats, challenging security and IT teams to modernize security operations while defending existing infrastructure.
Effective modernization requires building a SOC capable of scaling and analyzing signals from multiple cloud environments while simultaneously supporting a dispersed workforce. Current security operations strategies, processes, and technologies must adapt to fit the needs of the modern workforce, including corporate-owned devices, personal devices used for work, third-party supply chain and partner devices, and the many connected IoT devices involved in infrastructure operations.
Tip: Identify recurring efforts that cause gaps and slow modernization. Start by answering some questions:
- How much time is your team spending on building and managing detections?
- How quickly can your team inform you when you see a new headline about a threat?
Is Your SecOps Being Stretched Thin?
According to a recent survey of security decision-makers responsible for threat detection at their organization, 57% of respondents indicated SecOps is more chaotic than it was two years ago and 93% felt their organization needed to re-evaluate its SecOps priorities. Perhaps the biggest challenge will be existing SecOps solutions. Fifty-seven percent of security professionals surveyed worried that using existing SecOps solutions in unintended ways would cause additional problems. Unfortunately, as security teams re-architect operational infrastructure, daily SecOps activities must continue to mitigate risk. This means security teams will need to continue leveraging existing solutions while pursuing modernization, which may also require supplementing with manual processes to close the gaps.
Among those gaps, security professionals are most concerned about detection (43%), investigation and triage (42%), response (40%), visibility (38%) and hunting (32%).
SecOps depends on effective mechanisms to detect threats across all facets of the IT operating infrastructure. As the environment evolves and more endpoints and hybrid logging platforms are added, threat detection is increasingly complex and challenging.
In the same survey, 64% of security decision-makers either have only one individual or no one dedicated to threat engineering, but they understand the value and results of an increased investment (resources and staff) in this area could have. 75% of all respondents expect a moderate to a drastic reduction in dwell time and measurable performance improvements around threat detection from increased investment in detection engineering.
Considering the level of change, organizations are challenged to balance investments in existing infrastructure with limited budgets and innumerable options for new solutions. To succeed, organizations need to prioritize investments in converged, scalable platforms designed to support the new IT operating environment.
SOC Modernization is Mission Critical
To avoid becoming the next big headline, organizations need to focus on a few things for effective and efficient security operations modernization:
- Understand the threat landscape and your organization’s coverage – Security teams need to quickly identify coverage and data gaps through continuous measurement to drive recommendations that can be mapped back to industry frameworks
- Enhance threat hunting and improve detection – Organizations need to account for known and unknown risks, which requires finding suspicious behavioral patterns and deploying related detections. By building and deploying pattern-based detections, organizations can address backlogs of threats and reduce the time to address new ones.
- Reduce time to detect and triage – With an increasing number of solutions to account for, organizations need a way to ingest, normalize, tag, enrich, and correlate alerts across disparate systems. Automating the manual efforts of alert tuning, allowlisting, and triage observations simplifies investigations and save organizations valuable time when under attack.
When it comes to modernization, it’s better late than never. While the transition to the cloud has been ongoing for most organizations, modernizing your SOC architecture to protect your organization is more critical than ever. Getting out ahead of tomorrow’s threats will help organizations be agile enough for continued change as the threat landscape evolves.