Episode 3 – Are Today’s SOC Ready to Handle Emerging Cyber Threats?

Shankar Radhakrishnan, Founder of Skedler, recently sat down with the Director of Security Operations at Rocus Networks aka Corvid Cyber Defense, John Britton to discuss the top cyber threats that businesses face and if Security Operations Centers (SOCs) are prepared to handle them. John was able to provide a wealth of knowledge on these specific talking points and give us a higher level view of how cyber threats have evolved. Without further ado, let’s review the top cyber threats that plague businesses and if SOCs are up to the task of combatting these threats before they become an issue.

[video_embed video=”eKMmycRGMRY” parameters=”” mp4=”” ogv=”” placeholder=”” width=”700″ height=”400″]

Today’s Top Cyber Threats  

While small and midsized businesses are increasingly targets for cybercriminals, companies are struggling to devote enough resources to protect their technology from attack. John describes how “5 or 6 years ago, if someone wanted to go steal some money, they would go to a bank,” John goes on to explain that “today, the way that the internet has connected everybody and all businesses are now operationalized to be ‘always on,’ every organization is targetable.” These small businesses don’t have access to a large information technology staff and many don’t have expensive, sophisticated software designed to monitor their systems. This leaves them literally defenseless against these types of cyber-attacks.

John tells us that “the biggest thing that really affects any organization is the people because people make mistakes and they can be manipulated out of things.” This why being aware of the tactics and methods used by hackers implementing social engineering attacks and applying them to our everyday lives is the key to a solid defense. As more organizations experience these types of attacks, more will become aware of ways to internally combat them; in the meantime, it’s best to look to the guidance of an SOC to help you keep the ship afloat in rocky cyber waters. 

What Techniques are Hackers Using?

A recent Ponemon Institute-Keeper report showed that 66% of organizations surveyed have experienced a breach within the last 12 months. Since businesses are still proving to be vulnerable to cyberattacks, it’s clear that more needs to be done so they adapt to a fast-moving and ever-increasing threat landscape. In their quest to achieve this goal, businesses are continuing to invest in their IT security and systems.

John explains that “we find that, at least this year, that the biggest threat to any organization is social engineering.” One eye-opening statistic to understand is that 64% of companies have experienced web-based attacks with 62% experiencing phishing & social engineering attacks.  Social engineering attacks are especially dangerous because all it takes is one weak link in an organization to initiate a damaging event. Companies need to remain vigilant when it comes to cybersecurity, because social engineering is only going to get more sophisticated in the future.

Are SOCs Prepared to Handle These Threats? 

SMBs have continued to embrace mobile devices as a way to run their businesses recently which has led to an increase in convenience and efficiency that comes at a price. That price is the diminished role of cybersecurity in their companies. John explains that, in the future, “organizations are going to [need] security as a 24/7 monitoring, data retention, and policy assessments.” SOCs are well up to the task provide companies of all sizes with innovative solutions that are integrated to work efficiently, ensuring that they always have the strongest and most effective cybersecurity defense at their disposal.

Don’t forget to subscribe and review us below because we want to help others like you improve their IT operations, security operations and streamline business operations. If you want to learn more about Skedler and how we can help you just go to Skedler.com where you’ll find tons of information on Kibana, Grafana, and Elastic Stack reporting. You can also download a free trial with us, so you can see how it all works at skedler.com/download. Thanks for joining and we’ll see you next episode.

Episode 2 – Tactical Security Intelligence and Zero Trust Architecture: How to Adapt Your SIEM and SOC

Welcome to another episode of Infralytics. This episode brings together Shankar Radhakrishnan, Founder of Skedler, and Justin Henderson. Justin is a certified SANS instructor and a member of the Cyber Guardian Blue team at SANS, authoring a number of courses at SANS. Justin is also the Founder and lead consultant at H&A Security Solutions.

Together, Shankar and Justin discuss the intricacies of “Tactical Security Intelligence and Zero Trust Architecture: How to adapt your SIEM and SOC​” during their informative video podcast. Let’s recap their discussion and learn more about what sets tactical security intelligence and zero trust architectures apart from other cybersecurity approaches.

[video_embed video=”0p2PDLyByLg” parameters=”” mp4=”” ogv=”” placeholder=”” width=”700″ height=”400″]

What is Tactical Security Intelligence?

Tactical security intelligence provides information about the tactics, techniques, and procedures (TTPs) used by threat actors to achieve their goals (e.g., to compromise networks, exfiltrate data, and so on). It’s intended to help defenders understand how their organization is likely to be attacked, so they can determine whether appropriate detection and mitigation mechanisms exist or whether they need to be implemented.

What Sources of Data/Information Can Be Divulged?

Tactical security intelligence can divulge what tools threat actors are using during the course of their operations to compromise target networks and exfiltrate data. This type of information will usually come from post-mortem analyses of successful or unsuccessful attacks, and will ideally include details of the specific malware or exploit kits used. It can also identify the specific techniques that threat actors are using to delay or avoid detection. Justin Henderson tells us that most organizations are using tactical security intelligence to “[perform] critical alerting and monitoring back where the data normally resides. The best visibility to see the attacker doesn’t exist there, it exists earlier on like the desktops and laptops.”

How do you adapt your SIEM platform for effective tactical intelligence?

In some cases, tactical security intelligence will highlight the need for an organization to invest additional resources in order to address a specific threat. Your tactical security intelligence may lead you to implement a new security protocol or reconfigure an existing technology in order to simplify matters and continue driving innovation forward while averting serious threats. Unfortunately, incident response efficacy relies heavily on human expertise, therefore it can be more difficult to measure the impact of tactical threat intelligence when it comes to identifying serious threats. This is why when supplementing your SIEM platform with tactical security intelligence solutions, it’s best to implement a strong feedback loop between frontline defenders and your threat intelligence experts to ensure more robust network protection.

What is Zero Trust and How Does it Differ From Other Approaches?

Zero trust, as an approach is a reflection of the current, modern working environment that more and more organizations are embracing now. Under the zero trust approach, organizations trust nothing, but verify everything. This approach requires logging, authentication and encryption of all data communication. While it is impossible to fully implement zero trust, Justin Henderson tells us that the best way to go about managing Zero Trust is to “know a baseline, find deviations, then investigate.” The approach is considered as all-pervasive, capable of powering not only large, but also small-scale organizations across various types of industries.

How Does Zero Trust Impact Your SOC?

To protect, adopting a zero trust approach may be your best bet for success as it allows your organization to seamlessly monitor suspicious activity. This real-time data exposure allows your IT team to reduce the potential for security exposure, thereby giving them the ability to leverage the power of their SOC immediately. Doing so can help your organization sidestep a data breach which can cost $3.9 million on average per a 2019 Ponemon Institute report.

Don’t forget to subscribe and review us below because we want to help others like you improve their IT operations, security operations and streamline business operations. If you want to learn more about Skedler and how we can help you just go to Skedler.com where you’ll find tons of information on Kibana, Grafana, and Elastic Stack reporting. You can also download a free trial with us, so you can see how it all works at skedler.com/download. Thanks for joining and we’ll see you next episode.