The Race to Cyber Security

Organizations can learn something from the way that Formula 1 pit crews and master mechanics work.


This is a perspective from one of AT&T Cybersecurity’s MSSP partners, CyberHat.

Formula 1 is a serious business. It takes years of expertise and practical footwork to design, build and operate a winning Formula 1 team. It’s easy to think that success depends on the car and the technology. But, in reality, a cutting-edge engine in the best car in the world can’t win a race alone. Without an expert driver and a highly experienced and dedicated support team, you just can’t finish first.

When it comes to cyber security, everyone wants to win the race of protecting their assets and detecting and responding to threats to mitigate risk. Most organizations today will invest heavily in cyber security technology–buying it, integrating it and implementing it into the organization–yet very few will focus on the teams driving the technology, supporting and utilizing it.

It’s a simple belief that if you get a good enough car, you don’t need to be a good driver. The reality is exactly the opposite: If you’re a good enough driver, you can get a lot out of pretty much every car.

Today, more and more companies are looking for fully encompassing cyber security solutions and are gradually consolidating into security operation centers (SOCs) to help manage their security issues. This is a smart move. SOCs are where cyber security teams detect, analyze and respond to threats to an organization. Their core task is to use the tools and skills at hand in order to provide the organization with an ongoing, relevant and professional security posture.

Yet, in the current cyber security landscape, not all SOCs were created equal. It is important to understand what components are imperative for a SOC to be most effective.

Formula 1 fact: The best Formula 1 Pit Crew can refuel and change a tire in just 3 seconds.

Formula 1 pit crew members are the best in their field, and they are dedicated to a strong set of processes. This is true for the SOC team, as well. High expertise and seamless teamwork are important to effectively curtailing the dangers of cyber attacks and navigating the cyber field safely and in a timely manner. Many SOCs have dedicated Tier 1/2 analysts who can “change tires” and “refuel” seamlessly on the usual runbook procedures for many common or predictable cyber threats. However, they are not experts in managing larger scale incidents–like a “blown gasket” or “jammed piston.” In the Formula 1 world, these incidents would require the response of a more experienced mechanical team; in a SOC, they would require the services of Tier 3/4 analysts.

These are highly trained, specialized professionals with in-depth experience who are able to tackle complex, unusual incidents and attacks under severe time pressure. For example, sometimes cyber attacks cannot be detected, deflected or blocked before they begin. Then it is the SOC’s responsibility to contain and protect, as well as to investigate and, through a dedicated forensics team, conduct a meticulous analysis to prevent similar incidents. The forensics team of a SOC is dedicated to evaluating necessary damage repair and implementing novel or near real-time responses.

The core trade for a professional is the old saying “practice makes perfect.” It’s a simple matter of constantly getting your hands dirty with the nitty-gritty work, repeatedly executing complex tasks in as versatile an environment as possible. This is the only way to become a professional and the only way to stay one.

Not all security issues are as dramatic as a direct attack; some are measured in how “ready” your organization is for the “when” scenarios. In the race to being secure, organizations often fail to properly calibrate or stay up to date with internal components–whether it is infrastructure or personnel. A dedicated SOC has an onboarding team that ensures that specific security and IT elements like security information and event management (SIEM) systems are properly configured and calibrated, and that employees are properly trained to understand, analyze and act in response to their output.

Just like a Formula 1 team, when a SOC has a solid, strong and professional cyber security team, the synergy in the teamwork ensures optimal performance and protection within the dynamic and complex cyber security world. Professionalism is the key to effectively curtailing the dangers of cyber attacks. Ensuring a complete, professional and experienced team is what turns an ordinary team into a winning team.

As it is said, the whole is only as good as the sum of its parts.

This guest blog is part of a Channel Futures sponsorship.
