
3 Needs to Accelerate Security Incident Response: Security Exchange 2018 Recap

June 7, 2018 • Resolve Staffer

Resolve Systems was a showcase sponsor at the M.Tech Security Exchange event, where the team discussed best practices and automation use cases for enterprise-wide security incident response. Much of the discussion with the audience centred on how to comply with Singapore's omnibus cybersecurity law, which protects the 11 Critical Information Infrastructure (CII) sectors: aviation, financial services, energy, the public sector, healthcare, information and communications services, land transport, maritime transport, security and emergency services, water supply, and media.

“The Act also rightly places the responsibility of cyber security on CII owners by clarifying their responsibility to conduct audits, risk assessments and participate in exercises. These are critical for the effective implementation of good cybersecurity policies and practices,” said David Koh, Cyber Security Agency of Singapore (CSA) CEO and Singapore’s Cybersecurity Commissioner.

Want more information about Singapore's omnibus legislation? Read the Definitive Guide now.

Attendees of this event play a critical role in security incident response across the 11 sectors most at risk. The Resolve Systems team discussed the three most important needs for accelerating security incident response, complying with the regulation, and protecting CII.

Need: Empower your Security Operations Team with Out-of-the-Box Automation

As discussed at the event, and confirmed by a recent ServiceNow/Ponemon report, Singapore organisations lack the resources to keep up with cybersecurity vulnerabilities. In fact, 78% of Singapore businesses report that they cannot even keep up with patch volume, and unpatched vulnerabilities are a leading cause of breaches.

With a security incident response automation and orchestration platform, you can:

  1. Capture the knowledge in a single repository
  2. Make knowledge available in real time
  3. Identify the most common issues
  4. Automate steps as needed, across departments
  5. Selectively automate while providing insight into response and still allowing humans to make decisions

An automation solution that runs a health check for missing software updates and patching issues takes this time-consuming task off the security engineers' plate, so they can focus on more pressing issues while the risk of a breach is reduced.
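The health check described above, as an added example that is not Resolve's code and not part of the original post: a patch-status check over a constructed host inventory and a constructed advisory feed (hypothetical hostnames, package versions and dates), reporting each host's outstanding fixes and how stale its last patch run is, and counting which missing fix is most common across the estate so the most widespread issue can be prioritised first.

```python
"""Patch-status health check over a constructed inventory (added example)."""
import re
from collections import Counter
from datetime import date

# Constructed advisory feed: package -> first version carrying the fix.
# Hypothetical values, not real advisories.
ADVISORIES = {"openssl": "1.1.1k", "sudo": "1.9.5p2", "kernel": "5.4.0-80"}

# Constructed inventory export (hypothetical hosts, versions and dates).
INVENTORY = [
    {"host": "web-01", "last_patch": date(2018, 5, 30),
     "packages": {"openssl": "1.1.1k", "sudo": "1.9.5p2", "kernel": "5.4.0-80"}},
    {"host": "web-02", "last_patch": date(2018, 3, 2),
     "packages": {"openssl": "1.1.1g", "sudo": "1.9.5p2", "kernel": "5.4.0-77"}},
    {"host": "db-01", "last_patch": date(2018, 4, 20),
     "packages": {"openssl": "1.1.1g", "sudo": "1.8.31", "kernel": "5.4.0-80"}},
]


def version_key(version):
    """Split '1.1.1k' or '5.4.0-80' into comparable tokens.

    Numeric tokens compare numerically, alphabetic tokens lexically, and a
    version with an extra trailing token sorts after the same version
    without it (so 1.1.1 < 1.1.1k). This is a simplification: for real
    package versions use the distribution's comparator, e.g.
    `dpkg --compare-versions` or `rpmdev-vercmp`.
    """
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in tokens)


def missing_patches(packages, advisories=ADVISORIES):
    """Return [(package, installed, fixed)] for every installed package that
    is below the fixed version named in an advisory."""
    return [(pkg, installed, advisories[pkg])
            for pkg, installed in sorted(packages.items())
            if pkg in advisories
            and version_key(installed) < version_key(advisories[pkg])]


def health_check(inventory=INVENTORY, advisories=ADVISORIES,
                 today=date(2018, 6, 7), max_age_days=30):
    """Build a per-host report plus a ranking of the most common missing fix.

    `today` is fixed so the example is deterministic; a real check would use
    date.today(). A host is 'stale' when its last patch run is older than
    max_age_days, and 'overdue' when it is stale and still has missing fixes.
    """
    hosts = {}
    counter = Counter()
    for entry in inventory:
        missing = missing_patches(entry["packages"], advisories)
        age = (today - entry["last_patch"]).days
        stale = age > max_age_days
        hosts[entry["host"]] = {
            "missing": missing,
            "patch_age_days": age,
            "stale": stale,
            "overdue": stale and bool(missing),
        }
        counter.update(pkg for pkg, _, _ in missing)
    return {"hosts": hosts, "most_common": counter.most_common()}


def overdue_hosts(report):
    """Hosts that need a human to schedule patching, worst (oldest) first."""
    return sorted((h for h, r in report["hosts"].items() if r["overdue"]),
                  key=lambda h: -report["hosts"][h]["patch_age_days"])


if __name__ == "__main__":
    report = health_check()
    for host, result in report["hosts"].items():
        print(host, result)
    print("most common missing fix:", report["most_common"][:1])
    print("overdue:", overdue_hosts(report))
```

The check deliberately separates "stale" (nobody has patched this host in a while) from "missing" (a specific advisory applies), because a host that is stale but has no outstanding fix is a process signal, not an emergency, whereas a host with an outstanding fix is worth a ticket even if it was patched last week.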

Need: An Enterprise-wide Solution to Bridge Technology Silos

Security incident response and triage require input from multiple domain experts, from network to IT to security operations, to execute an effective security incident response plan. Collaboration difficulties between security, IT, and other technical groups choke incident response progress. Regardless of your industry, there is an influx of emerging technology; how do you connect and extend legacy systems alongside it?

  • 42% of organizations report that aging technology solutions are not effective at their volume of data. How do you optimize these investments, reduce the silos, and make sure your current employees are trained on legacy systems?
  • 73% of companies do not have a common view shared between their IT operations and cybersecurity operations teams.

Regain the time lost coordinating across these technical and knowledge silos by breaking down the obstacles between security and IT with an enterprise-wide solution. Can the security operations team continue to succeed with only informal, ad hoc support from other technical teams? The news headlines give the answer: no.

For effective security incident response, look at a solution like Resolve that provides a single-pane-of-glass view and lets a security analyst partner with the system administrators in the affected technical team.

For more information about how Security Incident Response needs to reach beyond the SOC to achieve resolution, read the white paper now.

Need: Define your Security Incident Response Plan to Alleviate Process Gaps

Research suggests the cybersecurity skills shortage is getting worse, so adding cybersecurity talent may not be possible. In Singapore alone, cyberattack volume increased by 14% last year, and severity by 25%. Add the compounding problem of process gaps, in particular that 57% say critical data and information for effective response is neglected because emails and spreadsheets are used to manage processes, and the question becomes: what can be done?

“Cyber threats show no sign of abating,” said Mr. Koh.

To aid cybersecurity awareness, Singapore's CSA launched a new campaign called Cyber Tips 4 You, which focuses on:

  1. Using anti-virus software
  2. Strengthening passwords and enabling Two-Factor Authentication (2FA)
  3. Spotting phishing attacks – which are still the leading cause of incidents
  4. Updating software as soon as possible

These four tips are part of a larger plan to improve awareness and increase the resiliency of Singapore. Singapore's security operations teams lost an average of 10 days to manually coordinating activities across teams, and 60% say manual processes put them at a disadvantage against vulnerabilities.

What can be done? Prioritize the response effort with a security incident response plan focused on continuous improvement, automate one step at a time, and always have a contingency plan.

58% of cybersecurity professionals in Singapore attribute the root cause of data breaches in their organization to human error. Incident response itself offers many opportunities for mistakes; is there a way to mitigate the risk of human oversight?

A few steps can be taken to mitigate a breach, unite IT and security teams, and instill process improvement with automation:

  1. Assemble a cross-functional team for successful, enterprise-wide security incident response
  2. Decrease dependencies on human interaction using human-guided automation
  3. Formalize a security incident response plan with standards, roles, and automated response
  4. Implement the right automation to start small and deliver quick, quality improvements
  5. Track which processes can either be fully or partially automated to save valuable time and resources and pick a scalable technology platform, like Resolve
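As an added example (not Resolve's product code and not from the original post) of steps 2 to 4 above, and of the "selectively automate while still allowing humans to make decisions" point earlier on the page: a small runbook runner in which most steps execute on their own, one step asks a human for approval only when the affected asset is a production server, and a rejected approval triggers a contingency action rather than a silent stop. The alert, asset and user records are constructed inline with hypothetical names, and the actions only record what they would do so the flow runs offline.

```python
"""Human-guided runbook with automated steps and decision gates (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed reference data (hypothetical hosts and users).
ASSETS = {
    "fin-srv-01": {"role": "server", "owner_team": "finance-it"},
    "wks-0042": {"role": "workstation", "owner_team": "desktop-support"},
}
USERS = {"alice": {"privileged": True}, "bob": {"privileged": False}}


@dataclass
class Context:
    alert: dict
    facts: dict = field(default_factory=dict)   # what enrichment and actions learned/did
    log: list = field(default_factory=list)     # audit trail of steps and decisions


@dataclass
class Step:
    name: str
    run: Callable[[Context], None]
    # Returns a question for a human, or None when the step may proceed on its own.
    gate: Optional[Callable[[Context], Optional[str]]] = None
    # Contingency executed when the human rejects the gated action.
    on_reject: Optional[Callable[[Context], None]] = None


def run_runbook(steps, ctx, approver):
    """Execute steps in order. A gated step runs only if its gate returns None
    (no human needed) or the approver answers True; a rejection runs the
    contingency and halts the runbook, handing the rest to the analyst."""
    for step in steps:
        if step.gate is not None:
            question = step.gate(ctx)
            if question is not None:
                approved = approver(question, ctx)
                ctx.log.append(f"gate:{step.name}:{'approved' if approved else 'rejected'}")
                if not approved:
                    if step.on_reject is not None:
                        step.on_reject(ctx)
                    return "halted"
        step.run(ctx)
        ctx.log.append(f"done:{step.name}")
    return "resolved"


# Step implementations. They are simulated: each records what it would do.
def enrich(ctx):
    ctx.facts["asset"] = ASSETS[ctx.alert["host"]]
    ctx.facts["user"] = USERS[ctx.alert["user"]]


def revoke_sessions(ctx):
    # Low-impact, reversible: safe to automate for every user.
    ctx.facts["sessions_revoked"] = ctx.alert["user"]


def isolate_gate(ctx):
    # Taking a server off the network has business impact, so ask a human;
    # a workstation is isolated without asking.
    asset = ctx.facts["asset"]
    if asset["role"] == "server":
        return (f"Isolate {ctx.alert['host']} (server owned by {asset['owner_team']}) "
                f"for alert {ctx.alert['id']}? This takes the service offline.")
    return None


def isolate_host(ctx):
    ctx.facts["isolated"] = ctx.alert["host"]


def monitor_only(ctx):
    # Contingency when isolation is refused: keep watching instead of blocking.
    ctx.facts["contingency"] = f"enhanced monitoring on {ctx.alert['host']}"


def notify_owner(ctx):
    # Cross-team hand-off: open a ticket with the asset's owning team.
    ctx.facts["ticket"] = f"{ctx.facts['asset']['owner_team']}: {ctx.alert['id']}"


PHISHING_RUNBOOK = [
    Step("enrich", enrich),
    Step("revoke_sessions", revoke_sessions),
    Step("isolate_host", isolate_host, gate=isolate_gate, on_reject=monitor_only),
    Step("notify_owner", notify_owner),
]


def handle_alert(alert, approver):
    """Run the phishing runbook for one alert; returns (status, context)."""
    ctx = Context(alert=dict(alert))
    return run_runbook(PHISHING_RUNBOOK, ctx, approver), ctx


if __name__ == "__main__":
    alert = {"id": "INC-0001", "user": "alice", "host": "fin-srv-01", "type": "credential phishing"}
    status, ctx = handle_alert(alert, lambda q, c: input(q + " [y/N] ").strip().lower() == "y")
    print(status, ctx.log, ctx.facts)
```

The gate function, not the step, decides whether a human is consulted, so the same runbook covers the fully automated workstation case and the approval-required server case; the audit log records both the decision and who was asked, which is what a post-incident review and a CII audit will want to see.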

If you’re looking to reduce MTTR and do more with less through automation and orchestration, read more about Resolve’s security incident response solution.


About the Author, Resolve Staffer:

This post was written by one of the awesome contributors on the Resolve team.
