To Advance Our Response to Threats, We Also Must Draw on Creativity, Sharing and Collaboration
Time and again, when faced with challenges, humans respond with creativity, sharing and collaboration.
During the bubonic plague that ravaged the population of London beginning in 1665, Isaac Newton isolated himself at his family farm in the countryside where he pushed himself creatively to understand the law of gravity. Recently, medical device maker Medtronic made a bold move to share its patented ventilator designs with any company wanting to make them and help meet the demand spurred by the spread of COVID-19. And over the past few decades, through collaboration across the biomedical and scientific communities and public and private sectors, we’ve turned HIV from a death sentence to a chronic condition. People are living long, high-quality lives without fear of transmitting the disease to a partner.
When humans rise to difficult situations, that’s when advancement happens. We see a strong parallel in the security industry. To advance our response to threats, we also must draw on creativity, sharing and collaboration.
Creativity comes from human intelligence. As Newton sought peace of mind in the country, security analysts must be freed up from day-to-day tasks to have time to apply their expertise creatively. A platform that enables focus, action and automation can help. It must bring together data from multiple sources, contextualize and prioritize it, and remove noise. With context you get an understanding of the who, what, where, when, why and how of an attack. Now you can apply insights, intuition and experience to analyze data and prioritize it for action, customizing global risk scores based on your own set of scoring parameters. This eliminates noise and allows you to focus on what is relevant to your organization and come up with effective approaches to detect and respond to attacks.
Sharing of threat intelligence formally started about 20 years ago when Information Sharing and Analysis Centers (ISACs) came on the scene with the intent of helping organizations protect their infrastructure, employees and customers from cyberthreats targeting their specific industry. There are dozens of ISACs today including financial services, retail, energy, supply chain, you name it. If you can think of an industry there’s probably a corresponding ISAC. Much like Medtronic sharing its ventilator designs, these industry sharing groups can get you further down the path to better protection. Open Source Intelligence (OSINT) sources that offer free threat data can also provide valuable insights. Before you bring the intelligence from these shared sources into your analysis and investigation processes, take the time to curate it with context, scoring and prioritization so you can ensure relevance.
Collaboration holds the key to improved time to detection and response. The challenge is that many security operations or investigations are rife with chaos as teams act independently and inefficiently with limited visibility into the tasks other teams or team members are performing. With different people or teams working on independent tasks, important commonalities are missed, so investigations take longer or hit a dead end, or key information just falls through the cracks. A single collaborative environment that fuses together threat data, evidence and users enables team members within and across teams to collaborate and improve security operations. Rather than working in parallel, they can automatically see how the work of others impacts and further benefits their own work. Managers of all the security teams can see the analysis unfolding, which allows them to act when and how they need to, coordinating tasks between teams and monitoring timelines and results. Akin to the teams battling HIV working together to turn the tide on a previously invisible foe, embedding collaboration into the investigation process enables teams to gain a better understanding of threats and take the right actions faster to more effectively mitigate risk.
During the past few months, the stories we’ve read and the examples we’ve seen of people doing good around the world and in our neighborhoods have reminded us of the power of human creativity, sharing and collaboration to overcome challenges. As security professionals, let’s apply these lessons to help us keep businesses moving forward safely.