The world we live in today is the result of an evolution that started back in the days of the “Moonlight Maze” attacks in the late 1990s. What the security community has come to realize over the past decade is that the advanced threat is not a phenomenon isolated to critical government systems, nor is it simply a matter of “one and done” attacks with a single intent. In our highly connected world, nearly any company can be the focus of sophisticated, determined attacks, whether for the digital information it possesses or as a stepping stone to another target somewhere else in its digital supply chain. This is why we’ve created the RSA Next Generation Security Operations Center (SOC) design and implementation services approach.
As we apply the hard lessons learned since the early days of “Moonlight Maze,” advanced cyber adversaries continue to rapidly shift their tactics, techniques and procedures (TTPs), using them as a force multiplier across the global cyber ecosystem of finance, energy, manufacturing, life sciences, defense, academia and other tightly coupled industries, which serve both as primary targets and as “switch targets.” As companies shift their focus toward more agile, analytics-based approaches, they often find that not only must the technologies they use change, but their operational processes and tactics must evolve as well.
The new RSA Next Generation Security Operations Center (SOC) approach is a reference architecture designed to adapt quickly to any organization’s current security operating model and ramp it from purely reactive security practices to a predictive, intelligence-driven foundation. Gone are the days of ad hoc and inefficient operating processes, poor technology utilization and alert-driven investigations with little or no contextual analytics.
I have been with RSA’s Advanced Cyber Defense (ACD) practice since its inception about two years ago. In that time we have built a repeatable and sustainable design and development life cycle in four discrete phases, made up of capability “turn-ups” and maturity and effectiveness modules for small, medium and large enterprises.
Coming from a background in security analysis, investigations and forensics, what I always lacked was the perfect triad of actionable data fusion: a) the alert; b) threat context; and c) correlated security data. When these three are presented together in a unified view within the Next Generation SOC, analysts and operators can make real-time decisions before an incident has a material impact on their organization. This is truly transformative, and it will take time as intelligence-driven Security Analytics is adopted as the framework for this evolution. Readiness and preparedness are at the forefront, as stated in a recent blog by Pitney Bowes, “Data Breach Readiness – An Ounce of Plan is Worth a Pound of Cure.”
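To make the “triad” concrete, here is an added example (not RSA’s code, and not part of the original post) of what fusing an alert with threat context and correlated security data looks like in practice. The threat-intelligence feed, the event records, the alert schema and the scoring heuristic are all constructed for illustration; the indicators use reserved documentation ranges and `.example` names rather than real ones.

```python
"""Alert + threat context + correlated security data fusion.

Constructed example: the intel feed, the events and the scoring
weights are illustrative placeholders, not real intelligence or
any vendor's algorithm.
"""
from datetime import datetime, timedelta

# (b) Threat context: a tiny constructed intel feed, indicator -> context.
THREAT_INTEL = {
    "198.51.100.23": {"type": "ip", "campaign": "Example-APT", "confidence": 80},
    "bad-updates.example": {"type": "domain", "campaign": "Example-APT", "confidence": 70},
}

# (c) Security data: constructed proxy/EDR/auth events as a SIEM would hold them.
EVENTS = [
    {"ts": "2014-03-03T10:01:10", "host": "ws-042", "src": "proxy",
     "msg": "GET http://bad-updates.example/u.bin", "dst": "198.51.100.23"},
    {"ts": "2014-03-03T10:01:45", "host": "ws-042", "src": "edr",
     "msg": "powershell.exe spawned by winword.exe"},
    {"ts": "2014-03-03T10:03:20", "host": "ws-042", "src": "auth",
     "msg": "network logon to fs-01 as jdoe"},
    {"ts": "2014-03-03T14:30:00", "host": "ws-042", "src": "proxy",
     "msg": "GET http://updates.example.org/", "dst": "203.0.113.5"},
    {"ts": "2014-03-03T10:02:00", "host": "ws-099", "src": "proxy",
     "msg": "GET http://intranet/", "dst": "10.0.0.5"},
]

# (a) The alert, as a detection rule would emit it (constructed).
SAMPLE_ALERT = {"ts": "2014-03-03T10:01:12", "host": "ws-042", "severity": 3,
                "rule": "Suspicious executable download",
                "indicators": ["198.51.100.23", "bad-updates.example"]}

# A second alert with no intel hit and little corroboration, for comparison.
BENIGN_ALERT = {"ts": "2014-03-03T10:02:00", "host": "ws-099", "severity": 3,
                "rule": "Suspicious executable download", "indicators": ["10.0.0.5"]}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def enrich(alert, intel=THREAT_INTEL):
    """Attach threat context: every alert indicator that the feed knows about."""
    return [{"indicator": ind, **intel[ind]}
            for ind in alert.get("indicators", []) if ind in intel]


def correlate(alert, events=EVENTS, window=timedelta(minutes=10)):
    """Pull corroborating events for the same host within +/- window of the alert."""
    t0 = parse_ts(alert["ts"])
    related = [e for e in events
               if e["host"] == alert["host"]
               and abs(parse_ts(e["ts"]) - t0) <= window]
    return sorted(related, key=lambda e: e["ts"])


def prioritize(alert, context, related):
    """Illustrative score: base severity, plus intel confidence, plus a bonus
    for each distinct data source that corroborates the alert. Capped at 100."""
    score = alert.get("severity", 1) * 10
    if context:
        score += max(m["confidence"] for m in context) // 4
    score += 5 * len({e["src"] for e in related})
    return min(score, 100)


def fuse(alert, intel=THREAT_INTEL, events=EVENTS):
    """Unified view the analyst actually triages: alert + context + evidence + priority."""
    context = enrich(alert, intel)
    related = correlate(alert, events)
    return {"alert": alert,
            "threat_context": context,
            "correlated_events": related,
            "priority": prioritize(alert, context, related)}


if __name__ == "__main__":
    import json
    for a in (SAMPLE_ALERT, BENIGN_ALERT):
        print(json.dumps(fuse(a), indent=2))
```

Run stand-alone, the sample alert comes out with two intel matches, three corroborating events from three different sources (proxy, EDR, auth) and a priority of 65, while the alert with the same rule and severity but no context or corroboration scores 35. The point is the ranking, not the numbers: two alerts from the same rule land far apart once context and correlated data are attached, which is what lets an analyst act on the first one before it becomes a material incident.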
“It’s less a question of if you will suffer an incident, but when.” The ability to respond with immediacy and consistency can help to mitigate the potential financial and reputational impacts to the company.
Tags: advanced threats, data security, log analysis, network forensics, network monitoring, security analytics, security operations, security threats, siem