Challenges of Security Incident Response Silos

Just a glance at the current headlines reveals that cybercrime is increasing on a global level. Criminals are not just targeting enterprises, but also small and medium-sized organizations. And they’re becoming more strategic, innovative, and nefarious with attacks like ransomware; in fact, total ransomware grew 80% in 2016, according to a report from McAfee Labs.

Enterprises are no longer counting on prevention-only approaches; they’re focusing on detection and, more importantly, response. Worldwide spending on information security is expected to reach $90 billion in 2017, an increase of 7.6 percent over 2016, and will hit $113 billion by 2020, according to Gartner.

  • How are organizations handling security incident response to combat growing threats?
  • What is the current state of Security Operation Centers (SOC) and why are they at risk?
  • How do organizations improve coordinated response to security incidents?

Let’s examine some of the challenges SOCs face and the benefits of uniting Security Incident Response automation with Case Management.

Cybersecurity Analytics and Operations are Becoming More Difficult

SOCs are constantly being bombarded with new threats. Crypto-style ransomware grew 35 percent in 2015, according to the Symantec Internet Security Threat Report. For example, the recent WannaCry ransomware attack took down hospitals, factories, and banks in an orchestrated, worldwide attack in May 2017.

Incidents and data breaches are not only advancing, they’re becoming costly, too. The IBM Cost of a Data Breach Study reveals that the average total cost of a data breach is $3.62 million – not including the negative impact on an organization’s brand.

While SOCs and security professionals are highly skilled and often running at full speed, teams frequently lack the personnel needed to combat security incidents. Compounding the challenge is alert fatigue, where security teams become desensitized to security alerts. CISOs are often faced with combating an increasing number of security incidents with finite personnel.

The majority of cybersecurity professionals think security analytics and operations are less effective due to problems in the working relationship between security and IT Ops teams. Read more in the CSO Online blog post by Jon Oltsik, Principal Analyst at Enterprise Strategy Group.

The Arms Race Between Security Professionals and Criminals

Most security operations have developed some form of incident response processes and procedures, but many of these existing approaches are losing ground in the battle against cyber attackers. Why are some security teams struggling to keep up?

Some organizations approach incident response in a highly fragmented manner. Their incident response process is often cobbled together from a variety of disparate point solutions, including SharePoint, wikis, shared folders, spreadsheets, Word documents, and individual scripting tools, to name a few. Unfortunately, this patchwork of solutions lacks process consistency, workflow, and focus.

A disparate approach to security not only creates inefficiencies; it also opens an organization up to vulnerabilities. Cyber criminals opportunistically realize this too. Attackers recognize the gaps in security and are becoming more tactical in penetrating defenses. Fragmented security incident response tools create chinks in the armor. Furthermore, criminals are becoming more organized, with underground black markets trading and selling advanced attack tools to target proprietary, customer, and financial data.

A Holistic Approach to Unite Security Incident Response with Case Management

Successful Security Incident Response (SIR) means cross-functional incident response activities carried out in a unified approach. Partnered with IT and other technical operations groups, a holistic approach gives your security team higher levels of control, visibility, and assurance. Case management provides enforcement-grade evidence and task logging of the investigation and remediation, but it should not be kept separate and siloed.

Automated security incident response shows great promise, but you can’t just add automation to your SOC and walk away. That approach only compounds the existing fragmentation. As mentioned, successful SIR requires the key technical stakeholders to harmonize strategies and functions across ; there is a need not only for end-to-end automation, but for human-guided automation, which integrates human-directed activities and decisions with machine automation.

As the leader in automated security incident response technology, Resolve Systems is uniquely positioned to share actionable insights on how to respond to the rapidly evolving threat landscape.

Want more strategic insight on how automation united with case management can optimize your organization’s security incident response?

Read more in the White Paper Security Incident Response Needs a Unified Platform.

Larry Lien
Resolve Systems
Chief Product Officer

What's Next?

Accelerate Security Incident Response to Mitigate GDPR Fines

The EU’s General Data Protection Regulation goes into effect May 25, 2018. What does that mean for your cybersecurity team? The most critical facets of the GDPR for cybersecurity teams are:

  • Protecting personal data
  • Erasing data, when requested and on demand
  • Notifying EU citizens of a breach of their confidential data within 72 hours