Episode 2 – Tactical Security Intelligence and Zero Trust Architecture: How to Adapt Your SIEM and SOC

Welcome to another episode of Infralytics. This episode brings together Shankar Radhakrishnan, Founder of Skedler, and Justin Henderson. Justin is a certified SANS instructor and a member of the Cyber Guardian Blue team at SANS, authoring a number of courses at SANS. Justin is also the Founder and lead consultant at H&A Security Solutions.

Together, Shankar and Justin discuss the intricacies of “Tactical Security Intelligence and Zero Trust Architecture: How to adapt your SIEM and SOC​” during their informative video podcast. Let’s recap their discussion and learn more about what sets tactical security intelligence and zero trust architectures apart from other cybersecurity approaches.

[video_embed video=”0p2PDLyByLg” parameters=”” mp4=”” ogv=”” placeholder=”” width=”700″ height=”400″]

What is Tactical Security Intelligence?

Tactical security intelligence provides information about the tactics, techniques, and procedures (TTPs) used by threat actors to achieve their goals (e.g., to compromise networks, exfiltrate data, and so on). It’s intended to help defenders understand how their organization is likely to be attacked, so they can determine whether appropriate detection and mitigation mechanisms exist or whether they need to be implemented.

What Sources of Data/Information Can Be Divulged?

Tactical security intelligence can divulge what tools threat actors are using during the course of their operations to compromise target networks and exfiltrate data. This type of information will usually come from post-mortem analyses of successful or unsuccessful attacks, and will ideally include details of the specific malware or exploit kits used. It can also identify the specific techniques that threat actors are using to delay or avoid detection. Justin Henderson tells us that most organizations are using tactical security intelligence to “[perform] critical alerting and monitoring back where the data normally resides. The best visibility to see the attacker doesn’t exist there, it exists earlier on like the desktops and laptops.”

How do you adapt your SIEM platform for effective tactical intelligence?

In some cases, tactical security intelligence will highlight the need for an organization to invest additional resources in order to address a specific threat. Your tactical security intelligence may lead you to implement a new security protocol or reconfigure an existing technology in order to simplify matters and continue driving innovation forward while averting serious threats. Unfortunately, incident response efficacy relies heavily on human expertise, therefore it can be more difficult to measure the impact of tactical threat intelligence when it comes to identifying serious threats. This is why when supplementing your SIEM platform with tactical security intelligence solutions, it’s best to implement a strong feedback loop between frontline defenders and your threat intelligence experts to ensure more robust network protection.

What is Zero Trust and How Does it Differ From Other Approaches?

Zero trust, as an approach is a reflection of the current, modern working environment that more and more organizations are embracing now. Under the zero trust approach, organizations trust nothing, but verify everything. This approach requires logging, authentication and encryption of all data communication. While it is impossible to fully implement zero trust, Justin Henderson tells us that the best way to go about managing Zero Trust is to “know a baseline, find deviations, then investigate.” The approach is considered as all-pervasive, capable of powering not only large, but also small-scale organizations across various types of industries.

How Does Zero Trust Impact Your SOC?

To protect, adopting a zero trust approach may be your best bet for success as it allows your organization to seamlessly monitor suspicious activity. This real-time data exposure allows your IT team to reduce the potential for security exposure, thereby giving them the ability to leverage the power of their SOC immediately. Doing so can help your organization sidestep a data breach which can cost $3.9 million on average per a 2019 Ponemon Institute report.

Don’t forget to subscribe and review us below because we want to help others like you improve their IT operations, security operations and streamline business operations. If you want to learn more about Skedler and how we can help you just go to Skedler.com where you’ll find tons of information on Kibana, Grafana, and Elastic Stack reporting. You can also download a free trial with us, so you can see how it all works at skedler.com/download. Thanks for joining and we’ll see you next episode.

Episode 1 – AI Usage in Cybersecurity – is it hype/real? The Infralytics Show interview with Bharat Kandanoor, Head of Technology for Security and Cloud at Blue Ally

Shankar Radhakrishnan, Founder of Skedler, recently sat down with Bharat Kandanoor to discuss the use of Artificial Intelligence (AI) in cybersecurity. Bharat, who is the Technology Head for cybersecurity and cloud at Blue Ally, a managed service provider, was able to shed light on the intricacies of AI’s usage in cybersecurity processes. Let’s dive deep into understanding whether AI is an overhyped cybersecurity solution, how it is being used to tackle network security problems, and how AI may be able to create a better cybersecurity future for the end user.

See and listen to the Infralytics Show  interview with Bharat Kandanoor

[video_embed video=”L9i4ESNEFpM” parameters=”” mp4=”” ogv=”” placeholder=”” width=”700″ height=”400″]

Is AI in Cybersecurity Overhyped or Not?

69% of enterprises believe AI will be necessary to respond to cyberattacks, with U.S.-based enterprises placing a more than 15% higher priority on AI-based cybersecurity applications and platforms than the global average when measured on a country basis. Is this level of AI adoption a response to measurable cyber threats that AI can help to remediate or is it merely an overhyped reach by firms around the world? Bharat Kandanoor tells us in our exclusive one-on-one video podcast that “Artificial Intelligence is being used as an overhyped terminology in general.” Bharat goes on to explain that “everyone expects using AI can solve lots of problems, but not necessarily can it do that.”

All in all, these AI tools will always have big drawbacks due to it being an overhyped solution. Bharat explains that “AI can give valuable actionable information, but at the end of the day, it is a human who can decide if the data is an anomaly or not.” It is with this human interaction that data anomalies can be found and analyzed by a human operator who is focused on the end goal of long-term data and network protection at all times.

Using AI to Tackle Cybersecurity Problems

AI has the ability to weed through the plethora of incident response data and find a solution exponentially faster than humans are able to. With AI, you can drill deeper into your data to pull out actionable insights that can help your team work more efficiently and effectively to detect anomalies using behavior analytics, network traffic analysis, and email scanning solutions for phishing/spear phishing attacks.

Small-to-Medium Enterprises (SMEs) struggling with cybersecurity have more to lose than their data and potential profits; the loss could stretch to their customers. AI-enabled technologies allow organizations of all sizes to implement a healthy security posture, from network monitoring and risk control to detecting rising cyber threats and recognizing the scam.  With more SMEs looking to AI as their silver bullet solution in the face of a current shortage of more than 3 million cybersecurity experts globally, SMEs can use AI to react to existing cyber threats and head off new ones.

Incorporating AI Into Your SME’s Cybersecurity Strategy

Even though SMEs believe AI will positively affect their business, uptake of AI solutions within SMEs has been slow, with just a 4% adoption rate per a 2019 report. No matter what the level of maturity is for an enterprise, it is vital that C-suite, IT, and security teams rationalize their existing technologies with solutions that can support their initiatives for a strong return on investment (ROI). Bharat explains that “It’s more of what fits into your use case and how you can make it work” when it comes to incorporating AI solutions into your cybersecurity plans. One AI solution may work for one SME where another may not. It’s just a matter of researching, testing, and finding the right solution for you.

Don’t forget to subscribe to the Infralytics Show Channel and review us because we want to help others like you improve their IT operations, security operations and streamline business operations. If you want to learn more about Skedler and how we can help you just go to Skedler.com where you’ll find tons of information on Kibana, Grafana, and Elastic Stack reporting. You can also download a free trial with us, so you can see how it all works at skedler.com/download. Thanks for joining and we’ll see you next episode.