As a die-hard hockey fan and coach, I often like to think of things in terms in sports. When you think about it, cybersecurity teams and professional sports teams aren’t all that different. If you are a fan of a professional sports franchise, you are well-aware of your expectations for your favorite team every year. Without question, you make an emotional investment at the start of the season, cheering your team on to combat the opposition on a nightly or weekly basis.

But what about the team’s perspective? Undoubtedly, the team has expectations as well — namely, to run a healthy business and protect the fan base’s sacred investment. But most fans do not appreciate the complexities of running a successful franchise. Every year, the odds are stacked against teams trying to succeed. They face so many challenges and questions, such as:

  • Do we have the necessary budget to invest in and support our resources?
  • Do we have sufficient skill in our player pool to deliver a winning product?
  • What does our competition look like this year? Are their budgets and talent resources going to be an even greater mountain for us?
  • Are we able to field a competitive team today while simultaneously building for an even stronger team in the future?

The last point is perhaps the least understood concern of a sports franchise among fans. It takes a long-term vision and a strategy to be able to answer “yes” to that question.

Championship or Bust: Building a Winning Security Operations Center

Cybersecurity teams face a similar challenge. Of course, it’s not about franchising security teams, but rather building an effective and enduring security operations center (SOC). There are many parallels in the challenges that each face.

In striving to protect the sensitive data of employees, clients and citizens, security teams are perennially faced with budget limitations. This affects the resources available to combat cyberattacks, leading to long odds to fight back without enough staff. That brings us to one of the biggest issues for security teams: the skills shortage. (ISC)2 recently updated its skills shortage projection to 1.8 million vacant positions by 2022.

Just like a sports team will inevitably meet unexpected challenges such as new and stronger playoff contenders or a rash of injuries, so it goes for our cybersecurity team, which encounters continuously evolving attack methods and ever-widening gaps in staffing. The opposition never lets up, so how can our cyber athletes change the game for a better outcome in the future?

Watch the on-demand Webinar: 5 Building Blocks for a SOC That Rocks

Looking Toward the Future With Automation and Orchestration

A modern SOC first needs visibility across your environments, from traditional infrastructure to cloud. A security analytics platform that can ingest millions of data points from hundreds of sources is also a critical backbone to build upon. With the ability to apply network insights, user behavior and artificial intelligence (AI) capabilities, we can better prioritize incidents that require the attention of our limited team of security analysts.

In fact, there is a tremendous amount of automation available to enhance the effectiveness of the SOC. With the complexity and skill of attacks today, a modern SOC must be proactive in attack investigation. IBM i2 provides this capability and is already entrenched in the law enforcement and intelligence communities. Automation is a recurring criterion in a modern SOC and works well when implementing orchestration. A leading incident response platform is essential to drive coordinated response plans, from addressing potential compliance requirements to managing endpoint patches, which is an essential automation capability that helps bridge security and IT operations.

Certainly, there are more functions and services necessary to run a mature and adaptable SOC, but this serves as a quick illustration of the very effective automation and orchestration capabilities already empowering mature SOCs today.

Watch the full session from Think 2018: Building the AI-Enabled Security Operations Center

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today