
In Difficult Situations, Strength Comes From Human Creativity, Sharing and Collaboration

To Advance Our Response to Threats, We Also Must Draw on Creativity, Sharing and Collaboration

Time and again, when faced with challenges, humans respond with creativity, sharing and collaboration. 


During the bubonic plague that ravaged the population of London beginning in 1665, Isaac Newton isolated himself at his family farm in the countryside where he pushed himself creatively to understand the law of gravity. Recently, medical device maker Medtronic made a bold move to share its patented ventilator designs with any company wanting to make them and help meet the demand spurred by the spread of COVID-19. And over the past few decades, through collaboration across the biomedical and scientific communities and public and private sectors, we’ve turned HIV from a death sentence to a chronic condition. People are living long, high-quality lives without fear of transmitting the disease to a partner. 

When humans rise to difficult situations, that’s when advancement happens. We see a strong parallel in the security industry. To advance our response to threats, we also must draw on creativity, sharing and collaboration.

Creativity comes from human intelligence. As Newton sought peace of mind in the country, security analysts must be freed up from day-to-day tasks to have time to apply their expertise creatively. A platform that enables focus, action and automation can help. It must bring together data from multiple sources, contextualize, prioritize and remove noise. With context you get an understanding of the who, what, where, when, why and how of an attack. Now you can apply insights, intuition and experience to analyze data and prioritize it for action, customizing global risk scores based on your own set of scoring parameters. This eliminates noise and allows you to focus on what is relevant to your organization and come up with effective approaches to detect and respond to attacks. 

Sharing of threat intelligence formally started about 20 years ago when Information Sharing and Analysis Centers (ISACs) came on the scene with the intent of helping organizations protect their infrastructure, employees and customers from cyberthreats targeting their specific industry. There are dozens of ISACs today including financial services, retail, energy, supply chain, you name it. If you can think of an industry there’s probably a corresponding ISAC. Much like Medtronic sharing its ventilator designs, these industry sharing groups can get you further down the path to better protection. Open Source Intelligence (OSINT) sources that offer free threat data can also provide valuable insights. Before you bring the intelligence from these shared sources into your analysis and investigation processes, take the time to curate it with context, scoring and prioritization so you can ensure relevance.

Collaboration holds the key to improved time to detection and response. The challenge is that many security operations or investigations are rife with chaos as teams act independently and inefficiently with limited visibility into the tasks other teams or team members are performing. With different people or teams working on independent tasks, important commonalities are missed, so investigations take longer or hit a dead end, or key information just falls through the cracks. A single collaborative environment that fuses together threat data, evidence and users enables team members within and across teams to collaborate and improve security operations. Rather than working in parallel, they can automatically see how the work of others impacts and further benefits their own work. Managers of all the security teams can see the analysis unfolding, which allows them to act when and how they need to, coordinating tasks between teams and monitoring timelines and results. Akin to the teams battling HIV working together to turn the tide on a previously invisible foe, embedding collaboration into the investigation process enables teams to gain a better understanding of threats and take the right actions faster to more effectively mitigate risk.

During the past few months, the stories we’ve read and the examples we’ve seen of people doing good around the world and in our neighborhoods have reminded us of the power of human creativity, sharing and collaboration to overcome challenges. As security professionals, let’s apply these lessons to help us keep businesses moving forward safely.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast-growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
