Insights | Thirdera

Why SecOps is Needed Now More Than Ever: Three Necessary Steps

Written by Josh Tessaro | Jul 8, 2022 8:20:29 PM

It seems everything around us is getting smarter: smartphones, smart cars, smart thermostats, smart refrigerators, smart TVs, smart lights, smart homes, etc. – everywhere we go we find ourselves interacting with technology.

In fact, according to Digital 2021: Global Overview Report from Datareportal.com, adults now spend almost seven hours a day interacting with all of their connected devices.

Just as technology is becoming a larger part of our daily lives, businesses also increasingly rely on technology to improve communication, enhance decision making, manage customer relationships, drive go-to-market solutions, and more. Just look at how business leaders are investing; worldwide IT spending is expected to increase to $4.2 trillion in 2021 according to Gartner.

Technology has had a massive, transformative impact on business, but the introduction of modern capabilities and new technologies expands the threat surface significantly. According to the FBI’s 2020 Internet Crime Report, the Internet Crime Complaint Center received a record 791,790 cybercrime complaints in 2020. Security breaches are not only common, but they are also costly – with the average data breach in 2020 costing businesses $3.86 million according to a new report from IBM and the Ponemon Institute.

Business leaders are taking note. Spending on information security and risk management technology and services is expected to grow 12.4%, reaching $150.4 billion in 2021 according to Gartner. The increased focus on security is good, but the approach needs to mature as well if we want to get the most out of our investments. Traditionally, new threat vectors (from introducing new technologies) are addressed by purchasing and implementing new point solutions, which can lead to significant security technology sprawl.

In no time at all, the security toolchain is a large stack of firewalls, endpoint detection and response solutions (EDR), Data Loss Prevention solutions (DLP), Network Access Control (NAC), and more. And that stack becomes more bloated as the security landscape becomes increasingly complex. It is common for midsize and large organisations to have 15 to 40 different point solutions in their core security stack, and up to 80 when you evaluate their complete technology portfolio.


Tool First vs. Process and People

There’s a certain logic to the approach noted above: Identify a security gap, deploy a technology solution to mitigate it. Repeat.

However, this “tool-first” approach to security often comes at the expense of the two other pillars of a mature security program: processes and people. Over time it can cause significant problems, creating technology silos between teams, adding exponential complexity for response teams, and reducing program transparency due to a lack of central reporting.

Security analysts, often from the Security Operations Center (SOC), are commonly assigned to triage the various alerts and other information these tools generate. Tool sprawl forces them to take a “swivel-chair” approach to processing new issues as they come into the SOC. The SOC analyst might have to log into as many as 10 different systems just to determine whether an event is real (and requires further action to mitigate) or a false positive.

This slows down the analysis and exacerbates actual security threats by delaying remediation. The SOC team often lacks the 360-degree visibility it needs to evaluate, contextualise, and respond to security data in a centralised location – a problem that worsens as the complexity of your technology stack and the corresponding threat landscape continues to grow.

These organisations must modernise their approach so that they can achieve the benefits of emerging technologies without introducing unnecessary risks.


How to Modernise Your Security Operations

The following are three steps to help IT leaders modernise their Security Operations program:


1. Invest as much in processes as you do technology

The more technology we have, the more we depend on ways to aggregate the data and make it intelligent and actionable. A Security Information and Event Management (SIEM) solution is critical for aggregating all the data from disparate sources into a common system of record, where we can leverage workflows to remediate the threat.


2. Build a control tower

Aggregation alone is not enough; build a program that can filter through the thousands of alerts and find the threats that matter. It is critical to build a security “Control Tower” that gives equal consideration to the processes and the technology, consolidating events from your SIEM into a single system of action that enables people to identify, triage, and address security threats quickly and efficiently.


3. Empower people by staying focused on the end-goal

The ultimate objective of a security program is to prevent as many threats as possible while also enabling your security teams to take quick and correct action when threats arise. The goal, then, should be to enable and empower people with efficient technology that aggregates and enriches data, supported by well-defined processes that provide guidance and remove confusion.
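To make the three steps concrete, here is an added example (not code from the original article, Thirdera, or ServiceNow) of the core "control tower" operation: alerts from an EDR, a DLP and a NAC tool, each in its own constructed format, are normalised into one schema, folded into a single case per asset, de-duplicated, and ranked so an analyst sees the corroborated, high-severity case first without logging into each console. All feed formats and field names are assumptions invented for the example.

```python
from typing import Dict, List

# Constructed sample output from three point solutions (not real product formats).
EDR_ALERTS = [
    {"hostname": "ws-017", "verdict": "malware", "score": 90, "ts": "2022-07-08T10:01:00Z"},
    {"hostname": "ws-017", "verdict": "malware", "score": 90, "ts": "2022-07-08T10:01:30Z"},  # repeat
]
DLP_EVENTS = [
    {"endpoint": "WS-017", "policy": "pci-upload", "risk": "high", "time": "2022-07-08T10:03:00Z"},
    {"endpoint": "srv-db2", "policy": "usb-copy", "risk": "low", "time": "2022-07-08T09:50:00Z"},
]
NAC_LOGS = [
    "2022-07-08T10:04:00Z device=ws-017 action=quarantine reason=posture-fail",
    "2022-07-08T08:12:00Z device=lt-204 action=allow reason=compliant",
]

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Each normaliser maps a tool-specific record onto the one schema the control tower uses.
def normalize_edr(a: Dict) -> Dict:
    sev = "critical" if a["score"] >= 80 else "medium"
    return {"asset": a["hostname"].lower(), "source": "edr", "severity": sev, "detail": a["verdict"], "ts": a["ts"]}

def normalize_dlp(e: Dict) -> Dict:
    return {"asset": e["endpoint"].lower(), "source": "dlp", "severity": e["risk"], "detail": e["policy"], "ts": e["time"]}

def normalize_nac(line: str) -> Dict:
    ts, *kvs = line.split()
    f = dict(kv.split("=", 1) for kv in kvs)
    sev = "medium" if f["action"] == "quarantine" else "low"
    return {"asset": f["device"].lower(), "source": "nac", "severity": sev, "detail": f["reason"], "ts": ts}

def build_control_tower(edr: List[Dict], dlp: List[Dict], nac: List[str]) -> List[Dict]:
    """Fold every normalised alert into one case per asset: the highest severity
    wins, identical (source, detail) pairs collapse into one piece of evidence,
    and cases are ranked by severity, then by how many findings corroborate them."""
    cases: Dict[str, Dict] = {}
    records = [normalize_edr(a) for a in edr] + [normalize_dlp(e) for e in dlp] + [normalize_nac(l) for l in nac]
    for rec in records:
        case = cases.setdefault(rec["asset"], {"asset": rec["asset"], "severity": "low",
                                               "evidence": {}, "first_seen": rec["ts"]})
        case["evidence"][(rec["source"], rec["detail"])] = rec["ts"]  # duplicate alerts overwrite, not pile up
        if SEVERITY[rec["severity"]] > SEVERITY[case["severity"]]:
            case["severity"] = rec["severity"]
        case["first_seen"] = min(case["first_seen"], rec["ts"])  # ISO-8601 UTC strings sort correctly
    return sorted(cases.values(), key=lambda c: (-SEVERITY[c["severity"]], -len(c["evidence"])))

if __name__ == "__main__":
    for case in build_control_tower(EDR_ALERTS, DLP_EVENTS, NAC_LOGS):
        print(case["severity"].upper(), case["asset"], sorted(case["evidence"]), case["first_seen"])
```

In a real deployment the normalisers would be fed by the SIEM's export and the case list would become records in the system of action that step 2 describes; the ranking and de-duplication logic is the part that stays the same.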
