As a die-hard hockey fan and coach, I often like to think of things in terms in sports. When you think about it, cybersecurity teams and professional sports teams aren’t all that different. If you are a fan of a professional sports franchise, you are well-aware of your expectations for your favorite team every year. Without question, you make an emotional investment at the start of the season, cheering your team on to combat the opposition on a nightly or weekly basis.

But what about the team’s perspective? Undoubtedly, the team has expectations as well — namely, to run a healthy business and protect the fan base’s sacred investment. But most fans do not appreciate the complexities of running a successful franchise. Every year, the odds are stacked against teams trying to succeed. They face so many challenges and questions, such as:

  • Do we have the necessary budget to invest in and support our resources?
  • Do we have sufficient skill in our player pool to deliver a winning product?
  • What does our competition look like this year? Are their budgets and talent resources going to be an even greater mountain for us?
  • Are we able to field a competitive team today while simultaneously building for an even stronger team in the future?

The last point is perhaps the least understood concern of a sports franchise among fans. It takes a long-term vision and a strategy to be able to answer “yes” to that question.

Championship or Bust: Building a Winning Security Operations Center

Cybersecurity teams face a similar challenge. Of course, it’s not about franchising security teams, but rather building an effective and enduring security operations center (SOC). There are many parallels in the challenges that each face.

In striving to protect the sensitive data of employees, clients and citizens, security teams are perennially faced with budget limitations. This affects the resources available to combat cyberattacks, leading to long odds to fight back without enough staff. That brings us to one of the biggest issues for security teams: the skills shortage. (ISC)2 recently updated its skills shortage projection to 1.8 million vacant positions by 2022.

Just like a sports team will inevitably meet unexpected challenges such as new and stronger playoff contenders or a rash of injuries, so it goes for our cybersecurity team, which encounters continuously evolving attack methods and ever-widening gaps in staffing. The opposition never lets up, so how can our cyber athletes change the game for a better outcome in the future?

Watch the on-demand Webinar: 5 Building Blocks for a SOC That Rocks

Looking Toward the Future With Automation and Orchestration

A modern SOC first needs visibility across your environments, from traditional infrastructure to cloud. A security analytics platform that can ingest millions of data points from hundreds of sources is also a critical backbone to build upon. With the ability to apply network insights, user behavior and artificial intelligence (AI) capabilities, we can better prioritize incidents that require the attention of our limited team of security analysts.

In fact, there is a tremendous amount of automation available to enhance the effectiveness of the SOC. With the complexity and skill of attacks today, a modern SOC must be proactive in attack investigation. IBM i2 provides this capability and is already entrenched in the law enforcement and intelligence communities. Automation is a recurring criterion in a modern SOC and works well when implementing orchestration. A leading incident response platform is essential to drive coordinated response plans, from addressing potential compliance requirements to managing endpoint patches, which is an essential automation capability that helps bridge security and IT operations.

Certainly, there are more functions and services necessary to run a mature and adaptable SOC, but this serves as a quick illustration of the very effective automation and orchestration capabilities already empowering mature SOCs today.

Watch the full session from Think 2018: Building the AI-Enabled Security Operations Center

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today