FCW : January 2015

Burning down the legacy SOC

Automation and the orchestration of multiple systems are essential to defending against today's cyber threats, which requires a new approach to security operations centers

Commentary | PAUL NGUYEN

In less than a decade, cyberattackers have grown from a collection of talented mischief-makers into an aggregated, hyper-competitive, multibillion-dollar industry. Players range from global crime syndicates to nation states, and they can adopt roles that bend and shift depending on the outcome each player hopes to achieve.

But whatever the endgame, no organization has enough money, people or security intelligence to sift through all the data feeds that security information and event management (SIEM) tools and other enterprisewide systems provide fast enough to keep organizations secure.

To defend against sophisticated security breaches, companies deploy multilayered systems: heuristic-based protection, next-generation firewalls, intrusion-prevention systems, antivirus software and other common tools of the trade. Those systems do the grunt work of detection and protection by identifying easily recognizable inbound attacks.

But when attacks look like legitimate traffic, how can common tools identify patterns? How do they know what to defend against when the code behind the attack can change its approach at will — and at machine speed — to escape detection?

Modern threats can substantially increase the signal-to-noise ratio between what defensive systems see as threats and what actually constitutes an attack. Offensive scanning slows down as SIEM tools contend with inflated security-event logs flooded with terabytes of complex intersystem chatter. For some organizations, there can be more attacks in one hour than a well-staffed team can address in an entire day.

The old-school security operations center (SOC) was a physical command center built around a SIEM tool. The arrangement had its advantages: Housing security operations in a single physical location promoted convenient security and control measures. Neither flexibility nor scale came into the equation, but then, neither did extended risk parameters.

Today's SOC must contend with social, mobile and cloud-based solutions. It must blend myriad tools from third-party providers at multiple points in the security chain. Everything from antivirus software to data collection and analytics must be integrated into the SOC and into the security protocols the SOC supports. To be successful, the SOC must also automate threat intelligence and attack responses in real time. Destroying security silos and unifying technologies can put an SOC on the fast track to success.

Today's SOC must also support the ability to act automatically at machine speed — a necessary but elusive requirement that is nearly impossible for a legacy SOC to meet.

Automation can be scary for organizations charged with protecting personal and proprietary data, but orchestrating the many technologies and processes already in place allows organizations to act quickly and decisively. Orchestration keeps complex decisions in the hands of the professionals trained to make them, while automating predefined repeatable actions that voraciously consume analyst time.

Importantly, today's SOC isn't even a "center" in the strictest sense of the word. The enterprisewide use of orchestration and automation solutions means security administrators need not be physically present to respond to threats. Smart automation deployment requires fewer hands to accomplish everyday tasks and maximizes the effectiveness of security team members.

Coordinated, automated, human-in-the-loop strategies create speed. Speed to respond to an attack. Speed to remediate the effects of the attack. Speed to return to day-to-day operations. Speed effectively creates time.

And time, after all, is an agency's most valuable asset in the event of a breach. It's also the one thing neither money nor people can buy.

PAUL NGUYEN is president of global security solutions at CSG Invotas.
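The split the column describes, automating predefined repeatable actions while routing judgment calls to an analyst, shown as an added Python example. This is not code from the column or from CSG Invotas; the alert feed, rule names, account names, playbook actions and thresholds are all constructed for illustration. The first step collapses repeated alerts into one record, which is the noise reduction the column says a SIEM-bound team cannot do by hand; the second applies a pre-approved playbook and escalates anything the playbook is not allowed to decide.

```python
"""Human-in-the-loop alert triage: automate the repeatable, escalate the rest.

Illustrative example only. Alerts, rule names, accounts and thresholds are
constructed; none of this is taken from a real SIEM or orchestration product.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    alert_id: str
    rule: str       # SIEM correlation rule that fired (constructed names)
    source: str     # source IP address
    user: str       # account involved, "-" if none
    count: int = 1  # events the SIEM already rolled into this alert


# Accounts whose handling is never automated in this playbook (constructed).
PRIVILEGED_USERS = frozenset({"admin", "svc_backup"})

# Constructed alert feed standing in for a few minutes of SIEM output.
SAMPLE_ALERTS = [
    Alert("a1", "port_scan", "10.0.0.5", "-"),
    Alert("a2", "port_scan", "10.0.0.5", "-"),
    Alert("a3", "port_scan", "10.0.0.5", "-"),
    Alert("a4", "failed_login", "203.0.113.7", "jdoe", count=40),
    Alert("a5", "failed_login", "203.0.113.9", "svc_backup", count=3),
    Alert("a6", "malware_beacon", "10.0.0.12", "jsmith"),
    Alert("a7", "port_scan", "10.0.0.5", "-"),
    Alert("a8", "new_rule_xyz", "10.0.0.3", "-"),
]


def aggregate(alerts):
    """Collapse repeats of the same (rule, source, user) into one record.

    This is the noise-reduction step: four port_scan alerts from one host
    become a single record with count=4 instead of four analyst tickets.
    """
    merged = {}  # insertion order preserved, so output order is deterministic
    for a in alerts:
        key = (a.rule, a.source, a.user)
        ids, count = merged.get(key, ([], 0))
        merged[key] = (ids + [a.alert_id], count + a.count)
    return [
        {"rule": k[0], "source": k[1], "user": k[2], "ids": v[0], "count": v[1]}
        for k, v in merged.items()
    ]


def playbook(rec):
    """Return (automated_actions, escalate_reason).

    escalate_reason is None when the pre-approved actions fully dispose of the
    record; otherwise the record goes to an analyst with the actions already
    taken (enrichment, watchlisting) attached so the human starts with context.
    """
    rule, user, count = rec["rule"], rec["user"], rec["count"]
    actions = []
    # Anything touching a privileged account is a human decision, whatever the rule.
    if user in PRIVILEGED_USERS:
        actions.append("enrich:identity")
        return actions, "privileged account involved"
    if rule == "port_scan":
        actions.append("tag:watchlist")          # cheap, reversible, pre-approved
        return actions, ("persistent scanning" if count >= 5 else None)
    if rule == "failed_login":
        if count >= 20:
            actions.append("throttle:source")    # pre-approved rate limit
        return actions, None
    if rule == "malware_beacon":
        actions.append("enrich:threat_intel")
        actions.append("stage:isolate_host")     # prepared for one-click approval, not executed
        return actions, "containment decision"
    return actions, "no playbook for rule"       # unknown rules never auto-close


def triage(alerts):
    """Aggregate, run the playbook, and split into auto-closed and analyst queue."""
    auto_closed, queue = [], []
    for rec in aggregate(alerts):
        actions, reason = playbook(rec)
        entry = dict(rec, actions=actions)
        if reason is None:
            auto_closed.append(entry)
        else:
            queue.append(dict(entry, reason=reason))
    return {"raw": len(alerts), "auto_closed": auto_closed, "queue": queue}


if __name__ == "__main__":
    result = triage(SAMPLE_ALERTS)
    print(f"{result['raw']} raw alerts -> {len(result['auto_closed'])} auto-closed, "
          f"{len(result['queue'])} for an analyst")
    for item in result["queue"]:
        print(f"  {item['rule']} from {item['source']} ({item['user']}): {item['reason']}; "
              f"already done: {', '.join(item['actions']) or 'nothing'}")
```

Two design points carry the column's argument. Every automated action here is one an analyst pre-approved and can undo (tagging, throttling, enrichment), while the irreversible step, host isolation, is only staged for a human to approve; and an unrecognised rule falls through to the queue rather than being silently dropped, so adding automation never widens what gets ignored.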