Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

M&A Tracker

Security Operations: Don’t Forget the Rest of the World

As cliché as the saying is, it is quite true that we live in a global world. It’s not uncommon for a large enterprise to operate in 100 countries or more. Many of us routinely work together with and collaborate with people across several continents. As businesses have gone global, their respective security operations programs need to be global as well.

As cliché as the saying is, it is quite true that we live in a global world. It’s not uncommon for a large enterprise to operate in 100 countries or more. Many of us routinely work together with and collaborate with people across several continents. As businesses have gone global, their respective security operations programs need to be global as well.

As obvious as this statement may sound, taking a security operations program global is something deeply challenging for many organizations. More often than not, information security efforts and resources tend to be concentrated more heavily around the organization’s home country and region. Theories abound as to why, but in practice, going global with security involves many intricate and complex details. I’d like to discuss a few points to consider when going global with security operations in this piece. Though far from exhaustive, I hope it will be helpful for the reader.

Visibility

Whether a business grows organically, through investments, or via mergers and acquisitions (M&A), it can be difficult for the security team to keep up. One of the biggest challenges that comes along with business growth is maintaining proper visibility across the enterprise to support security operations. Some important questions to consider are:

Word Map - Cyber

• Is there a good relationship between the business side and the security side to keep abreast of business expansion?

• Can I leverage my business relationships to keep tabs on new information technology assets?

• Do I know what my network looks like?

• Do I know how many ingress/egress points I have and where they are?

Advertisement. Scroll to continue reading.

• Do I have sufficient logging and alerting at each point of presence?

• Is my intelligence sourced in a geographically diverse manner, or is it primarily sourced from one geographic location?

People

People always play an important role in the security operations picture, but particularly in a global world. With people and assets spanning the globe, having the right people, not only within the security team, but also across the various different locales becomes extremely important. Some relevant questions include:

• Do I have the necessary relationships with the appropriate local IT staff for containment, remediation, and other needs?

• Am I aware of local laws and regulations governing data protection, privacy, and/or getting equipment in and out of local facilities?

• Do I have the appropriate human resources to scale to 24×7 coverage (whether centralized or decentralized)?

• Does the team have the skills and expertise required to successfully monitor a geographically diverse enterprise?

Process

Process is the glue that holds people and technology together within a security operations environment. Process helps to bring order to the chaos and maximize the efficiency of available resources, both human and machine. As the business grows, so does the importance of process. Here are a few points to consider:

• Do I understand the risks and threats unique to each geographic area?

• Can I develop the appropriate alerting aligned to the risks and threats faced by each geographic area?

• Do I have the ability to trace events back to individual endpoints and users at all locations?

• Am I able to perform incident response and forensics at all locations?

• Do I have the ability to contain and remediate at all locations?

• Am I devoting proportionate attention to all sites around the world?

Technology

Of course, without technology, people and process cannot function effectively. Going global as a business means going global with security technology as well. If there are information technology assets and/or sensitive data in a location, there needs to be security at that location as well. Interesting ideas to consider are:

• Have I covered all ingress/egress sites and all points of presence on the network?

• Do I have a consistent security technology stack to ensure people can maintain proficiency and that operations and maintenance (O&M) is simplified?

• Do I have the ability to ensure uptime and reliability of the security stack in all locations?

• Do I have consistent controls across the network and endpoints?

• Am I able to log and alert as necessary at all locations?

Workflow

As we know, people, process, and technology work together and flow directly into the security operations workflow. Globalization can introduce complexities into this workflow that can impede the maturity of a security program. Here are a few points to consider regarding that:

• Do I have the ability to provide security operations 24×7?

• If I use a follow-the-sun model, do I have the ability to recruit, train, and retain the necessary talent across different geographic locations?

• Can I ensure smooth handoffs between shifts?

• Do I have the right tools to manage a round-the-clock, geographically diverse operation?

• Can I perform handoffs to local IT teams for containment and remediation?

Communication

As with any business function, communication is an integral part of a successful security operations function. Good communication is difficult to achieve on a local or national scale, and on a global scale, it is extremely difficult. Some thoughts to consider, while certainly not exhaustive, are:

• Can I manage policy, process, and communications across multiple languages and cultures?

• Will I be able to communicate effectively with local resources?

• Will the necessary training and documentation be accessible across geographically diverse locations and localized for specific languages as necessary?

Although home is where the heart is, it’s important to remember not to devote the overwhelming percentage of security resources to your home geographic area if that’s not where the overwhelming amount of your business and its assets are located. Although challenging, taking security operations global is the new normal for the 21st century enterprise. While far from an exhaustive guide to taking security operations global, hopefully this piece has been able to highlight some points to consider for the global security operation.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...