The agile cybersecurity team needs to do more with fewer resources: here’s how

Although most parts of a growing business benefit greatly from any ongoing process of digitisation, it’s the cyber security professionals who feel most under pressure as the business grows its online footprint. The more companies raise their heads above the parapet, the greater the target they present.

Across much of Asia, the speed of digital transformation is such that new attack vectors can be exposed – albeit accidentally – to malicious actors without the proper oversight or tools in place to keep the organisation safe. With a growing realisation that IT assets support critical infrastructure, companies rightly feel they have to ramp up their cyber security measures. In an increasing number of territories, there are now the twin pressures of protecting intellectual property from outside attack, and also remaining in step with government-mandated cyber security measures.

Singapore’s CSA (Cyber Security Agency) new certification programme’s two tiers (Cyber Essentials for SMEs and Cyber Trust for large enterprises) are at least helping to raise awareness of risk exposure in all business sectors. But companies will need to go further to remove themselves from the hackers’ “low-hanging fruit” category.

Greater exposure to threats from the internet, from internal compromise (so-called insider threats – read, disgruntled employees), and in a cloud-focused environment require a different approach to SecOps. When a business is agile, it and its IT infrastructure is not static. A new stance, therefore, must be proactive and leverage the most advanced technologies available to cyber security professionals today.

Traditional detection and response methods rely on reactions by cyber security officers responding to reports of anomalous behaviour or flags raised by static protection systems, like intrusion detection or perimeter-based agents. While older tools and methods should not be mothballed, the modern enterprise’s overall security approach needs to have an evolving approach to its potential problems. Threats and threat actors’ methods are also evolving.

https://www.youtube.com/watch?v=KYY77Oc_atI

The need for a more nimble stance has both technical and practical challenges. On a practical level, the shortage of properly trained and experienced cyber security staff is something that cannot be addressed in the short term. Therefore, chief security officers and decision makers in the enterprise should consider at least refreshing their security stack with toolsets that allow staff to work more effectively and make better use of the available resources.

Built from the combination of McAfee Enterprise and FireEye – two trusted leaders in cyber security – Trellix is a new global company redefining the future of cyber security. With nearly a quarter of companies finding it difficult to correlate and combine data from the range of security controls already in place, Trellix’s living, learning XDR (eXtended Detection and Response) ecosystem is a timely solution that adapts to the challenges of a business. The Trellix platform combines human analysis and intervention with advanced machine learning techniques to surface the early warning signs across the entire extended and elastic IT environment, from endpoint to network nodes and out across multiple clouds.

With more than 4,000 employees, the combined company has 35 years’ experience in the cybersecurity industry, and serves over 40,000 customers worldwide (including a majority of the Fortune 500), along with government agencies and businesses ranging from mid-size to the largest global enterprises. The Trellix platform gathers data from over a billion global sensors, enhances it with in-house proprietary threat intelligence data and applies AI and machine learning to prioritise alerts. With Trellix, SecOps teams have access to an industry-leading solution that allows them to quickly identify and ameliorate cyber security issues before they affect networks.

Most recently, the Log4j2 and Log4j vulnerabilities in the popular Java library that logs error messages in many applications have caused alarm on several fronts:

• Like much open-source software, Log4j2 is commonly used by developers and there are many instances left unaudited in the wild,
• Organisations across all industries have integrated Apache Log4j2 into many applications, providing a massive beachhead for cyber criminals,
• It is an extremely dangerous vulnerability used widely used in major platforms from Amazon Web Services to VMware,
• It allows attackers to exploit the vulnerability using text messages to control a computer remotely. For attackers it’s easy and simple.

Events around mitigation for Log4j and Log4j2 have placed incredible pressure on many cyber security practitioners and security operations teams. The question has to remain: where are the next widespread vulnerabilities? What mandates and processes are required to protect ubiquitous resources against these type of security holes? Trellix believes an adaptive, early-warning and dynamic extended detection and response architecture is the answer.

Reach out to Trellix today to discuss how you can redefine the future of threat detection, protection and response with living security.

Comments are closed.