SecurityWeek

Management & Strategy

Threat Intelligence Staffing to Evolve Security Operations

The structure of today’s enterprise organization security operations must evolve to compete with the growing threat landscape and sophistication of adversaries.

Most modern enterprises have invested heavily in technology and people focused on reacting to the array of daily attempts by various actors to breach the organization’s perimeter. The vast majority of security operations centers are built around technologies that depend on known indicators. These technologies consume and correlate various data sources against those indicators in order to alert the staff manning the center. The result is a highly consumer-driven operation in which operators react to whatever the security-focused systems flag, following a specific or predefined course of action. This environment produces a mode of operation based largely on reaction, leaving proactive work to the various vendors whose technologies support the enterprise’s security posture.

Staffing Security Operations

Evolution of this current model requires enterprise security operations to become more proactive in ferreting out behavior and risk that is not typically visible to a highly reaction-oriented environment.

One way for organizations to begin this evolution is to invest in security operations staff focused on proactively gaining intelligence about threats, behaviors and risks that traditional means are unlikely to detect, or that can be detected earlier than traditional means would identify them. This evolution requires organizations to begin properly staffing threat intelligence analysts. Many forward-leaning organizations, specifically in the financial and government sectors, have already begun integrating this function and role into their organizations, but far too many have not evolved.

Incorporating such personnel allows an organization to become much more proactive in assessing its risk. This involves looking beyond the perimeter to changes in Internet infrastructure, constantly assessing how the perimeter security controls appear from outside the organization, and identifying potential risks that third-party vendors, suppliers and partners may introduce. Rather than relying solely on technology that aggregates results, it means actively hunting: for threats to the organization’s peers, for changes in the organization’s Internet-exposed topology and resources, and for communications that may indicate a compromise or loss of data.

These analysts augment the current security operations center by creating intelligence-based findings that expose valuable context to seemingly benign transactions from within their organization as well as outside the perimeter. They become responsible for tracking threats impacting other organizations and peers and proactively provide information back into the security operations center to take countermeasures ahead of the threat, should the threat or actors turn their focus to the organization.

Instead of waiting for a system to raise a red flag for attention, these individuals actively pursue potential avenues of compromise and make the overall security operations center better prepared. This is not simply ingesting a threat intelligence feed from a specific vendor; it is taking in and understanding as many sources as possible (open and proprietary) to stay ahead of this ever-evolving threat landscape.
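To make the contrast concrete, the following added example (not code from the column or from SecurityWeek) shows the two models side by side: indicator-driven matching, where alerts fire only when a destination appears in a merged set of feeds, and a simple proactive hunt that needs no indicator at all. The feed entries, proxy log lines, host names and thresholds are all constructed for illustration; `stage-xfer.example` is deliberately absent from every feed so the example shows what indicator matching alone misses.

```python
from collections import defaultdict
from datetime import datetime

# Constructed indicator feeds (not real IoCs): one "open" and one "proprietary" source.
# Each entry is (indicator, source name, confidence 0-100).
OPEN_FEED = [
    ("bad-cdn.example", "open-feed-A", 60),
    ("203.0.113.9", "open-feed-A", 80),
]
PROPRIETARY_FEED = [
    ("bad-cdn.example", "vendor-B", 90),
    ("updates-mirror.example", "vendor-B", 70),
]


def merge_feeds(*feeds):
    """Fold several feeds into one table keyed by indicator.

    Keeps every source that reported the indicator and the highest confidence
    seen, so an indicator corroborated by more than one feed stands out.
    """
    merged = {}
    for feed in feeds:
        for ioc, source, confidence in feed:
            entry = merged.setdefault(ioc, {"sources": set(), "confidence": 0})
            entry["sources"].add(source)
            entry["confidence"] = max(entry["confidence"], confidence)
    return merged


# Constructed proxy log lines: "<ISO timestamp> <user> <destination> <bytes out>"
PROXY_LOGS = """\
2023-03-01T09:00:00 alice mail.example 1200
2023-03-01T09:05:00 bob intranet.example 300
2023-03-02T10:00:00 alice mail.example 900
2023-03-02T10:15:00 carol updates-mirror.example 450
2023-03-03T11:00:00 bob mail.example 1100
2023-03-03T23:40:00 bob stage-xfer.example 52000000
2023-03-03T23:55:00 bob stage-xfer.example 48000000
""".splitlines()


def parse_proxy_line(line):
    """Split one constructed proxy line into a typed event."""
    ts, user, dst, out_bytes = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "dst": dst, "bytes": int(out_bytes)}


def match_indicators(events, indicators):
    """The reactive model: alert only when a destination is a known indicator."""
    alerts = []
    for ev in events:
        hit = indicators.get(ev["dst"])
        if hit:
            alerts.append({"dst": ev["dst"], "user": ev["user"],
                           "sources": sorted(hit["sources"]),
                           "confidence": hit["confidence"]})
    return alerts


def hunt_new_high_volume(events, baseline_end, min_bytes):
    """A proactive check that needs no indicator: destinations never contacted
    during the baseline window that then receive a large outbound volume from
    a single user. Returns sorted (user, destination, total bytes) tuples."""
    baseline = {ev["dst"] for ev in events if ev["ts"] < baseline_end}
    totals = defaultdict(int)
    for ev in events:
        if ev["ts"] >= baseline_end and ev["dst"] not in baseline:
            totals[(ev["user"], ev["dst"])] += ev["bytes"]
    return sorted((u, d, b) for (u, d), b in totals.items() if b >= min_bytes)


def run():
    """Run both models over the constructed logs and return their outputs."""
    indicators = merge_feeds(OPEN_FEED, PROPRIETARY_FEED)
    events = [parse_proxy_line(line) for line in PROXY_LOGS]
    alerts = match_indicators(events, indicators)
    # Baseline: everything before 2023-03-03; hunt threshold: 10 MB (constructed values).
    findings = hunt_new_high_volume(events, datetime(2023, 3, 3), 10_000_000)
    return indicators, alerts, findings


if __name__ == "__main__":
    merged, ioc_alerts, hunt_findings = run()
    print("indicator alerts:", ioc_alerts)
    print("hunt findings:", hunt_findings)
```

Indicator matching raises one alert, for the host that a feed happened to list, while the large late-night transfers to a host no feed knows about surface only through the hunt. In practice the hunt's baseline window and byte threshold would be tuned to the organization's own traffic rather than the constructed values used here.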

Call to Action for Security Operations Teams

• Invest in people, technology, and policy directed toward more proactive methods of identifying and understanding threat behavior and countering threats

• Build a cyber threat intelligence function into the organization’s security operations roles

• Enable analysts to gather intelligence and hunt for clues that exist outside or beyond the enterprise perimeter, so that threats are detected ahead of traditional means

• Consider the entire cyber ecosystem, including threats that may be leveraging third-party networks (vendors, suppliers, and partners)

• Establish security countermeasures as an integral part of the organization’s security operations and active defense
