RSAC 2022 validated how complex and difficult security can be, not only to understand the full picture, but also to maintain it. Here are three trends discussed at RSAC 2022 that can help enlighten and unburden organizations.
Simplify your cybersecurity
Cybersecurity must be identified as a top 5 risk in ANY organization. It becomes significantly more complex with each passing day. With so many standards and frameworks, you can easily lose sight of what you are actually trying to protect. Organizations need to identify which risks to avoid, which to accept, and which to mitigate. We simply do not have the technology or manpower to ever be 100% secure.
Probably my favorite session at RSAC was on the Cyber Defense Matrix, created by Sounil Yu. While Sounil was the first to admit this tool is wrong and far from perfect, it gives us another perspective and a chance to simplify our approach. I personally loved this matrix and have added it to my own toolkit for security evaluations and assessments. It is a great governance tool with almost 30 different use cases showing how this little grid can break down and simplify your cybersecurity ecosystem, providing the answers you seek without wading through complex coverage comparisons or lengthy framework standards. The few use cases I found most beneficial were:
- Vendor and Standards mapping
- Coverage Gaps / Defense in Depth or Breadth
- Structural and Situational Awareness
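A worked example of the first two use cases, added here and not code from the post or from the Cyber Defense Matrix project: the grid is laid out as the matrix publishes it (NIST CSF functions across, asset classes down), a constructed control inventory is mapped onto it, and the script reports uncovered cells (coverage gaps), controls per cell (depth), and asset classes covered per function (breadth). The control names and their cell mappings are sample data, not an assessment of any real product.

```python
# Cyber Defense Matrix coverage check: added example, not code from the post.
# Layout follows the matrix as published (NIST CSF functions x asset classes);
# the controls below are constructed sample data, not any real product mapping.
from itertools import product

FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")
ASSETS = ("Devices", "Applications", "Networks", "Data", "Users")

# Constructed inventory: control name -> cells (asset, function) it covers.
SAMPLE_CONTROLS = {
    "EDR agent": {("Devices", "Detect"), ("Devices", "Respond")},
    "Asset inventory": {("Devices", "Identify"), ("Applications", "Identify")},
    "NGFW": {("Networks", "Protect"), ("Networks", "Detect")},
    "SIEM": {(asset, "Detect") for asset in ASSETS},
    "MFA": {("Users", "Protect")},
    "Backups": {("Data", "Recover"), ("Devices", "Recover")},
}

def build_matrix(controls):
    """Return {(asset, function): [controls]} with every cell present, covered or not."""
    matrix = {cell: [] for cell in product(ASSETS, FUNCTIONS)}
    for name, cells in controls.items():
        for cell in cells:
            if cell not in matrix:  # catch typos before they hide as a false gap
                raise ValueError(f"{name!r} maps to unknown cell {cell}")
            matrix[cell].append(name)
    return matrix

def coverage_gaps(matrix):
    """Cells with no control at all: the blind spots to raise first."""
    return sorted(cell for cell, names in matrix.items() if not names)

def depth(matrix):
    """Defense in depth: how many independent controls cover each cell."""
    return {cell: len(names) for cell, names in matrix.items()}

def breadth(matrix, function):
    """Defense in breadth for one function: share of asset classes with any control."""
    covered = sum(1 for asset in ASSETS if matrix[(asset, function)])
    return covered / len(ASSETS)

if __name__ == "__main__":
    m = build_matrix(SAMPLE_CONTROLS)
    for asset in ASSETS:  # one row per asset class, count of controls per cell
        print(f"{asset:13}", *(f"{len(m[(asset, f)]):>9}" for f in FUNCTIONS))
    print("gaps:", coverage_gaps(m))
```

Swapping the sample inventory for your own vendor list turns the gap output into the coverage-gap view the session described, and running it once per framework mapping gives the standards-mapping view.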
Telemetry is key
Identity and devices have always been considered the priority at the beginning of a zero-trust journey. Telemetry now needs to be given that same priority. We need to know what our data and activities look like before we can identify the risks we face and set appropriate protection goals.
Telemetry comes from a variety of sources these days: endpoints, network switches and routers, security solutions, audit logs, and more. If you are not collecting, monitoring, and analyzing all of your data sources, you are creating blind spots in which breaches can occur undetected. Organizations need a Security Information and Event Management (SIEM) tool to collect and consolidate their telemetry. Ideally, the SIEM tool also provides security orchestration, automation, and response (SOAR) capabilities to automate the response to and remediation of incidents.
Microsoft Sentinel provides both SIEM and SOAR capabilities. It is a cloud-native solution that scales rapidly and is connected to Microsoft’s Threat Intelligence Security Graph to provide the latest intelligent security analytics for your enterprise. As a bonus, data for Microsoft Sentinel is stored in a Log Analytics workspace, which is also what Azure Monitor uses. So, if you are considering Microsoft Sentinel as your SIEM solution, also consider implementing Azure Monitor to maximize the performance and availability of your applications. It can be a two-for-one deal when implemented together.
Microsoft recently released migration strategies for moving from other SIEM tools, including Splunk, ArcSight, and QRadar. Additional resources such as Uncode.io and the SOC Prime Threat Detection Marketplace can help expedite the migration.
Managed Detection and Response
A major presence at the Expo was Managed Detection and Response (MDR) solutions. These are becoming more relevant simply because organizations cannot find people to fill cybersecurity roles, cannot fit those roles into the budget, or have current staff who are not yet skilled enough to handle or understand these incidents.
More and more organizations are looking to outsource their incident response to managed security service providers (MSSPs). It is cost-effective and allows organizations to feel confident their incidents are being reviewed by professionals who live and breathe this data daily. Look for this service to become as typical as any traditional managed service offering, possibly even bundled together with one.
Because of this need, Enabling Technologies is developing our own cost-effective MDR offering to go along with our current Threat Hunter deployment solution. Please reach out to me if you are interested. More details about the entire solution will be coming soon.
In the final part of this series, you will hear about some of the latest threats, but also the most important aspect of any cybersecurity strategy.
Enabling Technologies can help you properly prepare for moving to the cloud based on Microsoft best practices, with a secure and productive environment. You can find out more in the Security section of our website.