The Race to Cyber Security
This is perspective from one of AT&T Cybersecurity’s MSSP partners, CyberHat.
Formula 1 is a serious business. It takes years of expertise and practical foot work to design, build and operate a winning Formula 1 team. It’s easy to think that success depends on the car and the technology. But, in reality, a cutting-edge engine in the best car in the world can’t win a race alone. Without an expert driver and a highly experienced and dedicated support team, you just can’t finish first.
When it comes to cyber security, everyone wants to win the race of protecting their assets and detecting and responding to threats to mitigate risk. Most organizations today will invest heavily in cyber security technology–buying it, integrating it and implementing it in the organization–yet very few will focus on the teams driving the technology, supporting and utilizing it.
It’s a simple belief that if you get a good enough car, you don’t need to be a good driver. The reality is exactly the opposite: If you’re a good enough driver, you can get a lot out of pretty much every car.
Today, more and more companies are looking for fully encompassing cyber security solutions and are gradually consolidating into security operation centers (SOCs) to help manage their security issues. This is a smart move. SOCs are where cyber security teams detect, analyze and respond to threats on an organization. Their core task is to use the tools and skills at hand in order to provide the organization with an ongoing, relevant and professional security posture.
Yet, in the current cyber security landscape, not all SOCs were created equal. It is important to understand which components are imperative for a SOC to be most effective.
Formula 1 fact: The best Formula 1 Pit Crew can refuel and change a tire in just 3 seconds.
Formula 1 pit crew members are the best in their field, and they are dedicated to a strong set of processes. This is true for the SOC team, as well. High expertise and seamless teamwork are important to effectively curtailing the dangers of cyber attacks and navigating the cyber field safely and in a timely manner. Many SOCs have dedicated Tier 1/2 analysts who can “change tires” and “refuel” seamlessly on the usual runbook procedures for many common or predictable cyber threats. However, they are not experts in managing larger scale incidents–like a “blown gasket” or “jammed piston.” In the Formula 1 world, these incidents would require the response of a more experienced mechanical team; in a SOC, they would require the services of Tier 3/4 analysts.
These are highly trained, specialized professionals with in-depth experience who are able to tackle complex, unusual incidents and attacks under severe time pressure. For example, sometimes cyber attacks cannot be detected, deflected or blocked before they begin. Then it is the SOC’s responsibility to