[BreachExchange] Why manual processes become security risks

Audrey McNeil audrey at riskbasedsecurity.com
Thu Mar 17 21:00:05 EDT 2016


http://www.mis-asia.com/blogs/security/why-manual-processes-become-security-risks/

While many organisations invest in detecting security issues, we regularly
hear about companies being breached. Security teams fight the battle
against cyber threats, and CISOs still struggle to answer the question: "Is
my security posture improving or deteriorating?"  Why is this happening?

A new study by Enterprise Strategy Group (ESG) shines light on this issue.
Nearly 75% of those surveyed said that incident response tends to be based
upon informal processes. And 93% of respondents say that their incident
response effectiveness and efficiency are limited by the burden of manual
processes.

Hindering Security

Security teams are inundated with alerts from multiple sources. They're
using emails, spreadsheets, and phone calls for cross-team handoffs,
alongside siloed security products.

With such practices in place, it's no wonder that it takes enterprises an
average of 206 days to spot a breach and an average of 69 days to contain
it, according to the Ponemon Institute. And it's not improving. Of those
surveyed by ESG, 61% believe that incident response has become more
difficult over the past two years.

This story must sound familiar to IT teams who live it every day. We've
seen that unstructured work drains productivity and keeps us on that
treadmill.

In the case of security, using manual tools and processes not only hinders
a team's ability to find issues and solve them quickly, but also becomes a
risk. Time to containment is key to reducing the cost and impact of a
breach, which can improve a firm's security posture.

In addition, the survey showed that the unhealthy reliance on manual tasks
likely aggravates the divide between IT and Security teams. The two groups
are often disconnected and their goals unaligned. Fixing most security
incidents or threats requires collaboration between these teams.

Security Operations: A Holistic View

IDC predicts that data breaches will affect 1 in 4 of the world's
population by 2020, which is a staggering number and something that should
not be overlooked from an enterprise standpoint. Many organisations are
heavily invested in detecting security issues and in security tools, but
have neglected a critical step. What we should focus on is processing
security incidents by formalising and automating incident and
vulnerability response.

Once a risk has been detected, time to containment is key to reducing the
cost and impact of a breach, which can improve a firm's security posture.
A security breach can be catastrophic, but the issue detected can also be a
relatively low-severity vulnerability. Even an issue considered low-level
could affect a business-critical system or the CEO's laptop, which would
certainly increase the priority of solving it.


Imagine being able to automatically detect and correlate information on
incidents and vulnerabilities in real-time, helping to understand the
business criticality of an issue and compress the time to identify and
contain an incident. Well, no need - it's here!

Buying more software to detect potential threats won't bridge this gap. In
fact, as my colleague Dave Wright often says, buying new software without
revamping the process behind it is like getting a shiny, new chassis and
hitching up a team of horses in front. Gets you nowhere fast.

Today, it's all about enabling the enterprise with security operations that
fundamentally transform the process for security response. For us, we
wanted to extend our expertise in workflow, automation and orchestration to
security so that we can help enterprises move to a centralised response
process for incident and vulnerability response.

By giving a clear, fact-based view into security posture, via a single
platform, enterprises are able to unburden themselves of the inefficiency
and ineffectiveness of manual processes, and manage security incidents and
vulnerabilities through an automated workflow.

As enterprises become more digitally driven, we continue to look for ways
that not only modernise incident response but also aid customers in the
incident investigation process with more context and threat data down the
road. Whilst organisations look to tools to detect security threats, they
must also apply automation and orchestration to help respond faster -- and
even automatically.