As a die-hard hockey fan and coach, I often like to think of things in terms in sports. When you think about it, cybersecurity teams and professional sports teams aren’t all that different. If you are a fan of a professional sports franchise, you are well-aware of your expectations for your favorite team every year. Without question, you make an emotional investment at the start of the season, cheering your team on to combat the opposition on a nightly or weekly basis.
But what about the team’s perspective? Undoubtedly, the team has expectations as well — namely, to run a healthy business and protect the fan base’s sacred investment. But most fans do not appreciate the complexities of running a successful franchise. Every year, the odds are stacked against teams trying to succeed. They face so many challenges and questions, such as:
- Do we have the necessary budget to invest in and support our resources?
- Do we have sufficient skill in our player pool to deliver a winning product?
- What does our competition look like this year? Are their budgets and talent resources going to be an even greater mountain for us?
- Are we able to field a competitive team today while simultaneously building for an even stronger team in the future?
The last point is perhaps the least understood concern of a sports franchise among fans. It takes a long-term vision and a strategy to be able to answer “yes” to that question.
Championship or Bust: Building a Winning Security Operations Center
Cybersecurity teams face a similar challenge. Of course, it’s not about franchising security teams, but rather building an effective and enduring security operations center (SOC). There are many parallels in the challenges that each face.
In striving to protect the sensitive data of employees, clients and citizens, security teams are perennially faced with budget limitations. This affects the resources available to combat cyberattacks, leading to long odds to fight back without enough staff. That brings us to one of the biggest issues for security teams: the skills shortage. (ISC)2 recently updated its skills shortage projection to 1.8 million vacant positions by 2022.
Just like a sports team will inevitably meet unexpected challenges such as new and stronger playoff contenders or a rash of injuries, so it goes for our cybersecurity team, which encounters continuously evolving attack methods and ever-widening gaps in staffing. The opposition never lets up, so how can our cyber athletes change the game for a better outcome in the future?
Looking Toward the Future With Automation and Orchestration
A modern SOC first needs visibility across your environments, from traditional infrastructure to cloud. A security analytics platform that can ingest millions of data points from hundreds of sources is also a critical backbone to build upon. With the ability to apply network insights, user behavior and artificial intelligence (AI) capabilities, we can better prioritize incidents that require the attention of our limited team of security analysts.
In fact, there is a tremendous amount of automation available to enhance the effectiveness of the SOC. With the complexity and skill of attacks today, a modern SOC must be proactive in attack investigation. IBM i2 provides this capability and is already entrenched in the law enforcement and intelligence communities. Automation is a recurring criterion in a modern SOC and works well when implementing orchestration. A leading incident response platform is essential to drive coordinated response plans, from addressing potential compliance requirements to managing endpoint patches, which is an essential automation capability that helps bridge security and IT operations.
Certainly, there are more functions and services necessary to run a mature and adaptable SOC, but this serves as a quick illustration of the very effective automation and orchestration capabilities already empowering mature SOCs today.