CISOs are struggling to manage non-cohesive teams with different technologies, implementing different processes with varying levels of security, thinks Jonathan Couch, SVP Strategy at ThreatQuotient.
ThreatQuotient strives to address gaps in operational capabilities that SIEM and other security technologies have created. ThreatQuotient provides a security operations platform that creates a threat-focused environment for security teams to collaborate, leveraging and enhancing current security tools.
Many security products just do not talk the same language in order to share information. Security solutions need to do a better job at forced collaboration for security teams. Each team and analyst is learning something about the environment or threat as they do their job, and that information needs to be communicated to others.
It seems a simple concept, and there are standards out there for sharing, but they do not apply across products in operational environments. We need to do a better job at enabling people, process, and technology: not just niche technology capabilities that address a specific issue.
For years, the center of gravity for SOC operations has been the SIEM. It is a 20-year-old, multi-billion-dollar part of the industry that has candidly failed on the promise of delivering real operational capabilities for SOC teams.
CISOs face non-cohesive teams that all leverage different technologies, each requiring or implementing different processes that require varying levels of security and technical proficiency. CISOs struggle to pull this all together to communicate the security story to executives and the business.
Automation and integration seem to be the biggest projects we see in the market. Security teams are trying to do the traditional "more with less", and that means automating repetitive processes and having your security environment do a better job of communicating between devices. The name of the game in current security teams is efficiency and effectiveness, and that tends to lead down the path of automation, prioritisation, and collaboration.
In addition to actual security work, CISOs have an internal marketing responsibility to show the value of cybersecurity. They need to anticipate the regular questions from business leaders on important external threats, whether or not they will affect the business, and what security is doing to minimise the impact.
Security products and solutions need to help CISOs bridge the gap between the technical work of securing the enterprise with the marketing work of communicating the value of that security to the business.
Many of the skillsets will likely remain the same in the future. You will always need entry-level analysts that go through alerts and malware analysts or threat hunters that really understand code or threats and security technology. It is hoped that cybersecurity professionals could evolve to become more process-oriented.
Technologies need to allow analysts to understand the processes that adversaries use to breach networks and then leverage their own processes to anticipate and counter those activities. Focusing on processes removes the technical hurdles and provides more agility to our teams.