We’re well into the new year, and you’ve resolved to keep yourself and your organization better informed about rapidly evolving threats, vulnerabilities, exploits, technologies, products and services related to cybersecurity. But how?
Keeping Up With Cybersecurity Trends
Here’s a snapshot of some of the many ways that security professionals are working hard to keep up with cybersecurity trends.
For many of us, efforts to stay informed about what’s happening in cybersecurity center around the lower-left corner of the above table. Our daily routine includes scanning our favorite news feeds, blogs, podcasts, social media posts and other informal, publicly available sources.
The fundamental challenge is to keep pace with the cybersecurity news cycle and maintain a high level of awareness about the latest cybersecurity trends and events in the never-ending battle between attackers and defenders.
Sources of Security News and Insights
When asked about their favorite sources of cybersecurity news and insights, security professionals offered some great places to start:
- “I listen to The CyberWire podcast … It’s my go-to resource every day.”
- “I listen to CyberWire, and the SANS Internet Storm Center. My favorite blogs come from reverse engineers across the entire industry, from independents to bloggers who work for the largest vendors. I also follow some favorites on Twitter, too many to mention.”
- “A few times a day, I check in on the headlines at my favorite sites with Feedly, a fast and easy way to get the latest security news, which I’ve been able to optimize over time. My Twitter follows are curated to a core group of super sharp people who post security info and analysis that isn’t always in the mainstream. In a similar vein, LinkedIn news updates from colleagues are an excellent way to keep up with stories I may not have seen elsewhere.”
Formal Cybersecurity Analysis
For others, the need to stay informed is much more formal and structured, as in the examples found in the upper half of the table. For example, hands-on analysts in a security operations center needs the latest intelligence about active threats, vulnerabilities and exploits so they can quickly assess risks and take the most effective actions to defend, respond and recover.
These professionals value real-time visibility and intelligence about what’s happening, as opposed to news about what already happened. One fundamental challenge is learning how to share and collaborate more openly in what is a traditionally closed discipline. These professionals are also challenged to create and leverage automated mechanisms to efficiently share information without compromising confidentiality and trust.
When asked for resources related to these challenges, security analysts suggested the following:
- “I subscribe to the daily email alerts from the U.S. Computer Emergency Readiness Team (US-CERT).”
- “After reading the daily threat intelligence from the IBM X-Force Threat Analysis Service (XFTAS), I read up on what is being sent out by other cyber news organizations, what is being shared with us from the Information Sharing and Analysis Center (ISACs) and alerts from the IBM X-Force Command Centers.”
Whether informal or formal and regardless of the source, staying informed requires a committed, disciplined effort. This effort is essential to the cybersecurity professional’s dual role of technical expert and trusted advisor.
VP & Research Fellow, IT Security and IT GRC, Aberdeen Group