1 Security Incident x 4 Tools x 8 Roles = 8 Days

Collaboration can significantly improve this equation.

Brian Dye, Corporate Vice President, Intel Security Group General Manager, Corporate Products

May 25, 2016

4 Min Read
Dark Reading logo in a gray background | Dark Reading

Collaboration may be the key to enhancing your security responsiveness, according to a recent global research report. Improving how your teams and products work together, including enhancing communication flows, fostering trust and transparency, and automating time-consuming tasks, could increase flexibility and effectiveness by 38% to 100%, depending on the size of the group. The bigger the group, the higher the potential improvement.

Our new global survey of 565 security professionals indicates the continuing need for greater effectiveness. Security operations teams are being inundated with security events as attacks and threat vectors increase in volume and variety. On average, investigations take people from up to eight different roles within the organization, using four or more security tools, eight days from detection to clean up.

Ironically, the groups with more advanced threat- and incident-management solutions conducted twice as many investigations because they had more detailed data and could detect more sophisticated and subtle attack behaviors. Almost half of those with advanced threat- and incident-management tools were able to shorten their average investigation times.

With the number of tools and people involved, respondents indicated that collaboration could improve effectiveness. The surprise was how big an impact they thought enhanced collaboration between the security analysts, incident responders, and endpoint and network operations teams would have. Centralized orchestration among these players was predicted to deliver a 38% to 100% improvement in effectiveness. These findings are promising for anyone worried about the cyberskills shortage and our ability to combat evolving threats. We can do more with what we already have.

It isn’t just about real-time alerts and case-management workflows. Our research identified three critical areas to develop: communication, trust, and automation.

Communication

Security investigations are iterative; the next step is influenced by the situation rather than prescribed by process. There are also so many people and products involved in a typical investigation, from different sites and time zones, that any form of manual communication or integration introduces delays and errors.

Given these hurdles, developing and enhancing orchestration between security products enables a host of time-saving human communications, including role-specific dashboards and monitoring tools, real-time visibility, policy and process-driven workflows, and access to current and historical event data. These, in turn, provide the most significant way to reduce incident response times by delivering more accurate and up-to-date information and prioritizing the areas in which to act.

Trust

Following closely on communication is developing higher levels of trust and transparency among teams, both internal and external to security operations. The two critical components of this are confidence that the information being received is accurate and complete, and confidence that work will get or has been done. Leading by example is critical here, demonstrating your trust in others and avoiding blame.

Having an incident-response game plan, practicing real-life scenarios, facilitating and coaching through each incident, and debriefing for the next iteration help create a positive attitude and continuous process improvement. This in turn encourages people to contribute as needed, even outside of their primary roles.

Automate-ability

Finally, the security skills shortage is not going away. Scripting critical time-consuming local and remote tasks is a good way to start down the road of getting your security tools and computing machines to shoulder more of the load. Our survey found a significant willingness to automate or semi-automate many tasks that traditionally require human intervention. Some are low risk such as clearing a browser cache or restarting a Windows service; some are higher risk such as isolating a host, rebooting a system, or reimaging a disk. Survey respondents showed that low-risk tasks could be fully automated, and the higher risk tasks could be automated with a pause for human approvals. Consult the report and infographic for specific examples of automation preferences.

Our survey indicates that improving collaboration across people, process, and technology can have significant benefits, connecting the tools and roles to shorten critical security operations metrics: times to detection, containment, and remediation.

For more information on how collaboration can improve your security equation, and other findings on advanced threat and incident management, download the full report How Collaboration Can Optimize Security Operations.

Read more about:

2016

About the Author

Brian Dye

Corporate Vice President, Intel Security Group General Manager, Corporate Products

Brian Dye is corporate vice president in the Intel Security Group and general manager of the group's global security products at Intel Corporation. He is responsible for Intel's global corporate security product portfolio and worldwide engineering, including product management, development, strategy, and solution delivery.

A veteran of the security industry, Dye has a breadth of leadership experience in digital threat and information protection. He joined Intel in 2015 from Citrix Systems Inc., where he was vice president of the Mobile Platforms Group and managed the teams responsible for the company's enterprise mobility business. Before joining Citrix in 2014, Dye spent more than a decade at Symantec Corporation, culminating in his position as senior vice president of the Information Security Group. In that role, he led product management, engineering, support, and operations for Symantec's gateway security, data center security, data loss prevention, trust services, and managed security services businesses. During his Symantec tenure, Dye also held senior management positions in the Information Intelligence Group, Information Management Group, Enterprise Security Group, Information Risk Management Group, and Data Center Management Group.

Earlier in his career, Dye held various business development and engineering management roles at Xerox Corporation's Palo Alto Research Center, E Ink Corporation, and Procter & Gamble Co.

Dye holds a bachelor's degree in chemical engineering from the Massachusetts Institute of Technology and an MBA degree from the Stanford Graduate School of Business at Stanford University.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights