He Sleeps in a Storm
Spoilers Alert – The following is a parody, only to draw more attention, deservedly so, towards and appreciate the contribution of cyber security experts to the overall security posture of organizations.
During the days when Cyber Security skill demand outstripped the supply, a young man sought employment as a Cyber Security Expert at a Cyber Security firm. He even handed a recommendation letter to his interviewer that read, “He sleeps during a cyber-attack.” The Talent Acquisition person desperately needed to fill the position, so he hired the young man despite his enigmatic letter of recommendation.
Several weeks passed and, in the middle of the night, the news of a powerful Ransomware attack was making rounds and a customer of the Cyber Security Firm was a potential target. Awakened by the news, the firm CEO jumped out of bed. He called his new employee, but the man was sound asleep. The CEO dashed to Security Operations Center (SOC) and to his amazement, the network traffic was normal, all the web applications functioned normally. He hurried to the ecommerce servers console, only to see that all the transactions were going on smoothly. He ran to the database server console. Everything was securely backed up and encrypted. All the OS patches and policies were up to date.
And then the CEO understood, “He sleeps in a storm.”
“My friends, if we tend to the things that are important to secure your enterprise networks, data, cloud, apps, and if we are right with the choice of technology and people and processes, we enforce the security policies, our lives will not be cursed with the aching throb of a cyber-attack and its ugly aftermath. Our Information Systems will always be available and secure. We will never wallow in the agony of “We could have, We should have.” We can sleep during a Cyber-attack.
As mentioned in the spoilers alert, the above is a satire on an extract from Have a Little Faith by Mitch Albom, taken from a sermon by the Reb - Rabbi Albert Lewis.
Real life and its experiences, be it from faith or those seeking spirituality, inspire businesses and can go a long way in making sure the businesses achieve what they are set out to.
Cyber Security Services from Managed Security Service Providers (MSSP) are for a focused operation that requires skills that are quite different from what an organization’s core and critical operations require; therefore, it makes absolute sense to leave it to those who run it as their core business, so that you can sleep peacefully.
The right blend of People and Processes & Technology (PPT) helps manage utilization of resources and achieve operational efficiency avoiding the trap of alert fatigue that most enterprises face when managing security in silos.
The people are the security experts who do the tasks described in the process, mostly by leveraging the technology and tools.
There are two critical SOC roles that include Security Analyst and Incident Responder. A security analyst collects security event data, log and machine data, search machine analytics and assess threats to determine a risk. Whereas an incident responder undertakes the responsibility to conduct a detailed analysis of malicious events by using search analytics, threat intelligence, malware analysis tools, and forensic techniques.
For the effectiveness of a SOC it is vital to define and document processes so that the execution can be ensured in accordance with the documented plan. The process ensures synchronization and timely execution of different events and activities that are performed by the SOC. For instance, when a major incident occurs, process make sure that it is reported to the required recipient in the organization. In addition, the process delegates clear responsibilities to SOC roles such as security analysts and incident responders so that repetition of work or tasks is avoided and the required outcome can be achieved efficiently.
You need a validated and integrated threat detection and response platform that hunts down and eliminates the advanced and unknown threats that routinely bypass perimeter controls.
A combination of cutting-edge technology, leading intelligence, and advanced analytics which, when brandished by people with unparalleled expertise, allows to detect and investigate the threats that others fail to even identify. Threats that others are blind to, can be seen and responded to with great speed and accuracy.
The technical aspect should include advanced network and endpoint threat detection, analytics and real-time global threat intelligence. Despite the best technology, what should differentiate is the team of cyber professionals who continually monitor the client’s environments while simultaneously hunting threats internally as well as monitoring developments on the deep and dark web.
With this combination of people, processes & technology and expertise clients gain a fully managed service – delivered by the most experienced security analysts – that defends against the most determined and well-equipped adversaries. Whether the attacker is deploying zero-day attacks, or is a nation state sponsored advanced persistent threat, the security operation centers must be vigilant 24/7, leaving assailants no chance to succeed.
It is evident that people, processes, and technology are critical factors when building an effective and reliable SOC that delivers on its promises. Enterprises must consider them to enhance their capabilities in the face of notorious cyber security threats such as Ransomware.
So that, we can sleep during a Cyber-attack.