How You Answer These Three Questions Reflects Your Incident Readiness

Security Teams Need to Stay in Shape to Operate at Peak Performance and Effectively Deal With Today’s Complex and Relentless Attacks

Fall ushers in a new sports season. We can feel the excitement in the air as many of us head to the stadium or tune in to watch our favorite players and teams. A lot of work happens behind the scenes to prepare for the season opener. Athletes start conditioning early, turning to personal trainers, nutritionists, and coaches to help ensure they can operate at peak performance when the competition heats up. In fact, those who are consistently at the top of their game tap into a team of outside experts year round.

Security teams must take a similar approach to “stay in shape” and mitigate the risk of increasingly formidable opponents. As the cybersecurity skills shortage continues, a survey conducted by CIO, CSO, and Computerworld found that 56 percent of respondents said that their organizations are enlisting outside consultants to help with information security strategy, and 40 percent said they’re turning to managed security service providers (MSSPs). The Computer Economics IT Spending and Staffing Outlook for 2017 finds that spending on security/privacy tops the list of IT priorities and corroborates the trend of outsourcing for better quality of service and cost savings.

MSSPs help alleviate the complexity of maintaining and managing a proliferation of security products and point solutions in order to get their full value. However, now security teams need more than that. We all recognize that it is no longer a matter of ‘if’ but ‘when’ an organization will get attacked. Security professionals must be prepared for the inevitable, and that means having a team of experts that can help you answer the following three questions:

1. What’s my plan when a data breach occurs?

2. How do I know what is in my network?

3. How can I make sure I have a team that knows my organization and can take action quickly when an attack happens?

To address these new requirements for threat detection and incident response, Managed Detection and Response (MDR) services have emerged with additional bench strength – people and advanced technology – to provide the following capabilities:

1. Table Top Exercises (TTX) – Using a scenario created specifically for your organization and the types of threats you’re most concerned about, a TTX is a great starting point for developing a plan to deal with a breach. Participants should include a cross-section of key stakeholders from the organization, not just IT. During the day of testing, a scenario is talked through, with new information introduced along the way. These curveballs change the scenario, mimicking the dynamic nature of attacks and investigations. Following the session, you get an objective evaluation of the team’s performance, including strengths, weaknesses, and lessons learned, as well as recommendations for areas of improvement.

2. Threat Hunting – Proactively finding bad guys inside the network and stopping them as quickly as possible to mitigate damage is a new imperative for security teams. Threat hunting campaigns are designed to find evidence of a possible breach, investigate the affected system to determine what happened and how it happened, and identify other systems that may also have been affected, in order to contain and remediate the attack. Using a wide range of tools like advanced security analytics technology, big data platforms, and threat intelligence, incident response experts can move quickly with better information. They can focus their hunting on assets that are more likely to have been breached, and reevaluate past events in light of the latest threat intelligence.

3. Retained Incident Response Services – Just as athletes need ongoing access to their team of coaches so that they can perform well even against the most formidable opponents, you need a full team available when an attack does happen. Finding and retaining elite, quality talent is a huge challenge given that the market need is outstripping the supply of skilled experts. That’s when a retained incident response service can help, jumping into action and supplementing your team during an attack. When they aren’t actively engaged in incident response, they can help focus on and develop proactive efforts. In the process, they’ll learn more about your organization, which improves their efficiency and effectiveness during a response, while your internal team will be better able to handle other tasks that need attention.

Every security team needs to stay in shape to operate at peak performance and effectively deal with today’s complex and relentless attacks. Managed detection and response experts can elevate your performance – helping you to develop an effective plan, know what’s in your network, and be ready to act swiftly and comprehensively to mitigate damage when an attack happens.


Ashley Arbuckle, Cisco’s VP of Security Services, is responsible for the oversight and global delivery of the Cisco portfolio of Advisory, Implementation, and Managed Services, bringing a pragmatic approach to helping Cisco’s clients solve their most complex security challenges. Arbuckle started his career in security consulting at PwC working with Fortune 500 customers. After PwC he joined PepsiCo where he led enterprise security and the strategic planning process for PepsiCo’s IT budget of over $2 billion. He has a BBA in MIS and Accounting from the Rawls College of Business at Texas Tech University, is a CPA, and holds a CISSP and CISM.
