An article in InfoTech by CrowdStrike CISO Jerry Dixon, “How to Future-proof Your Security Operations,” explains the dilemma that many security operations center (SOC) teams are facing given the overwhelming volume of alerts they receive. In this article, Dixon points out that each day, SOC personnel can expect to be managing anywhere from 50 to 100,000 security events — many of them false.
Dixon argues that SOCs must evolve if they hope to keep pace with a modern threat environment that includes sophisticated, fileless threats capable of evading standard security measures. He advises that the right combination of technology, intelligence and people is key to “future-proofing” your security operations. The following is a summary of Dixon’s suggestions to ensure readiness in each of these key areas:
SOCs need to employ platforms that support data analytics and automated tool orchestration to ensure the most efficient operations, rather than just layering on a variety of security tools. Dixon explains that adding disparate solutions may not only increase complexity but also create data silos and massive amounts of data that must be triaged. He advises SOC teams to look for integrated tools that can ensure rapid response as well as automate containment and streamline collaboration.
Threat intelligence is a critical component that drives a SOC team’s ability to detect and prioritize alerts, but the team must also be able to operationalize threat intelligence to be effective. Dixon recommends that your SOC team first identify security gaps and construct an intelligence framework based on them. Consolidating intelligence sources is key, as is streamlining the internal dissemination of information.
Using threat intelligence and security operations successfully is only possible with the right people in place. This means having both intelligence analysts and proactive threat hunters who work 24/7 to identify threats and augment automated monitoring. With these elements present, the team’s ability to immediately execute a cyber crisis response plan can be greatly enhanced.
Dixon closes by saying that SOCs are at the heart of any company’s defense, and they must keep pace with the evolving threat landscape to detect adversary activity quickly. SOC team leaders who strive for operational effectiveness by ensuring a combination of proactive technology, threat intelligence and the right people will be better equipped to protect their organizations from potentially damaging breaches.
To read the entire article, visit InfoTech Spotlight.
For more information on how Falcon OverWatch, CrowdStrike’s 24/7 managed hunting service, can act as a force multiplier for security operations centers, read the white paper “Proactive Hunting: The Last Line of Defense Against the ‘Mega Breach.’”