Enterprise security incident response trends to watch in 2018
Resolve Systems shared the top trends it expects to shape incident response
and automation in 2018. The predictions are based on the company's
insight into the challenges enterprises report in today's new normal of
high-impact outages and breaches, and into why companies are investing in
incident response and automation technology.
“2018 is not going to be a quieter year in terms of cyber-attacks
against organizations. We know that threats are becoming more
sophisticated and easier for hackers to deploy, in most instances.
Therefore, we have to continue to improve our ability to protect against
those threats. To do so is a team effort that requires MSSPs, security
vendors, SOC managers and all parties involved in incident response to
lean on automation technologies and orchestration methodologies that
help investigate and remediate attacks quickly, efficiently and in a way
that really helps our overworked security teams rather than creating
more work for them,” Martin Savitt, CEO at Resolve Systems, told Help
Net Security.
Automation acceptance
Businesses' comfort with security automation
will increase out of necessity for scale. The growing volume of
automated attacks will make it impossible for SOCs to keep up through manual
processes alone. Solutions that help hesitant organizations begin to
embrace automation (via a crawl/walk/run strategy) will capture
increasing market share. This is supported by Forrester Research's
November 9, 2017 report, "Predictions 2018: Automation Alters The Global
Workforce," which states: "Prediction 9: A true combined security
and ops automation platform will roll out."
Lower SOC entry level
Users will increasingly seek solutions that lower the barrier to entry
for security teams. Given security's significant skills gap,
solutions that help less experienced professionals become quickly
effective as Level 1 SOC analysts will be increasingly valued.
Continuous response
The market's focus on incident response will shift from today's
reactive posture to a continuous one. Post-mortem analysis of security
incidents will drive ongoing enhancement and testing of response
playbooks. The growing field of "range training" for security team
members, and red team/blue team simulations, indicate that attack
rehearsals and playbook tuning will receive increasing attention.
Savvy MSSP shoppers
MSSPs will be affected in 2018 and beyond, as clients begin to
ask MSSPs to demonstrate attack responses and to share metrics on time
to respond and time to remediate for specific incident types. Increasing media
coverage and public awareness of security incidents will make for more
savvy buyers who want detailed evidence and assurances of an MSSP's
ability to respond effectively to a significant breach.
SOC as IR thought leader
The SOC team will become a driver of efficiency, automation, and
best-practice procedures for the IT, Network, and Service Desk teams, because the
remediation activities those teams perform during security incidents
are critical to the SOC's success. Given this, the SOC may well
become the model for all technical teams in an organization.
SIR platform required
Having an incident response platform will become non-negotiable for
security teams. As the rate and scale of cyberattacks become a forcing
function for the adoption of automation, the pain of attempting to
automate in a fragmented, piecemeal manner will pressure the
SOC to bring in a proper incident response platform to orchestrate and
automate response.
More money = more scrutiny
In the wake of recent catastrophic security incidents, CISOs and SOCs
will see increased investment and budget for tools. With these added
funds, however, comes the onus to demonstrate measurable
results and improvements, so teams will seek ways to show success
through analytics, reporting, and attack simulations.
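The "Savvy MSSP shoppers" and "More money = more scrutiny" items both come down to the same deliverable: per-incident-type response metrics that a buyer or a CISO can check. The following is an added example, not code from the article or from Resolve Systems, showing one way to compute those metrics from a ticket export. The ticket records, the field names (detected, responded, remediated) and the SLA targets are constructed for illustration; open tickets are counted but excluded from remediation timing, and tickets whose timestamps run backwards are rejected rather than silently skewing the numbers.

```python
from datetime import datetime
from math import ceil
from statistics import median

# Constructed sample ticket export (not real data). Timestamps are ISO-8601 UTC;
# "remediated" is None for an incident that is still open.
INCIDENTS = [
    {"id": "INC-1", "type": "phishing", "detected": "2018-01-03T09:00:00",
     "responded": "2018-01-03T09:20:00", "remediated": "2018-01-03T11:00:00"},
    {"id": "INC-2", "type": "phishing", "detected": "2018-01-05T14:00:00",
     "responded": "2018-01-05T14:10:00", "remediated": "2018-01-05T15:00:00"},
    {"id": "INC-3", "type": "phishing", "detected": "2018-01-09T08:00:00",
     "responded": "2018-01-09T09:00:00", "remediated": None},
    {"id": "INC-4", "type": "malware", "detected": "2018-01-04T10:00:00",
     "responded": "2018-01-04T12:00:00", "remediated": "2018-01-06T10:00:00"},
    {"id": "INC-5", "type": "malware", "detected": "2018-01-12T10:00:00",
     "responded": "2018-01-12T10:30:00", "remediated": "2018-01-12T18:30:00"},
]

# Hypothetical per-type targets in minutes (assumed values, not a real SLA).
SLA_TARGETS = {"phishing": {"respond": 30, "remediate": 240},
               "malware": {"respond": 60, "remediate": 1440}}


def parse_ts(value):
    """Parse an ISO-8601 timestamp; None stays None (open incident)."""
    return None if value is None else datetime.fromisoformat(value)


def minutes_between(start, end):
    return (end - start).total_seconds() / 60.0


def percentile(values, pct):
    """Nearest-rank percentile; values must be a non-empty list."""
    ordered = sorted(values)
    rank = max(1, ceil(pct / 100.0 * len(ordered)))
    return ordered[rank - 1]


def response_metrics(incidents):
    """Group incidents by type and compute respond/remediate timings in minutes."""
    by_type = {}
    for inc in incidents:
        detected = parse_ts(inc["detected"])
        responded = parse_ts(inc["responded"])
        remediated = parse_ts(inc["remediated"])
        # Reject records whose clock order is impossible instead of averaging them in.
        if responded < detected or (remediated is not None and remediated < responded):
            raise ValueError(f"{inc['id']}: timestamps out of order")
        bucket = by_type.setdefault(inc["type"], {"respond": [], "remediate": [], "open": 0})
        bucket["respond"].append(minutes_between(detected, responded))
        if remediated is None:
            bucket["open"] += 1  # still counted, but no remediation time yet
        else:
            bucket["remediate"].append(minutes_between(detected, remediated))

    report = {}
    for itype, b in by_type.items():
        entry = {
            "count": len(b["respond"]),
            "open": b["open"],
            "median_respond_min": median(b["respond"]),
            "max_respond_min": max(b["respond"]),
        }
        if b["remediate"]:
            entry["median_remediate_min"] = median(b["remediate"])
            entry["p90_remediate_min"] = percentile(b["remediate"], 90)
        report[itype] = entry
    return report


def sla_breaches(report, targets):
    """Return {type: [metric, ...]} for every median that exceeds its target."""
    breaches = {}
    for itype, entry in report.items():
        target = targets.get(itype)
        if target is None:
            continue
        failed = []
        if entry["median_respond_min"] > target["respond"]:
            failed.append("respond")
        if entry.get("median_remediate_min", 0) > target["remediate"]:
            failed.append("remediate")
        if failed:
            breaches[itype] = failed
    return breaches


if __name__ == "__main__":
    report = response_metrics(INCIDENTS)
    for itype, entry in sorted(report.items()):
        print(itype, entry)
    print("SLA breaches:", sla_breaches(report, SLA_TARGETS))
```

The median and p90 are reported together on purpose: a buyer reading only a mean time-to-remediate would not see that one malware case took two days while the other took under nine hours.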
SOC developed automation
Out of necessity, many SOCs are already scripting and building
automations for simple, mundane and repetitive tasks.
Drawing on their security experts' "tribal knowledge", many
SOCs will find it more efficient to build their own automations and will look for
tools that lower the programming barrier. They will seek solutions that
enable those who know how to investigate and remediate incidents to
create automations without programming skills.
Possible CSIRT resurgence
While the construct of the cybersecurity incident response team
(CSIRT) has existed for some time, 2018 will show increased interest in
creating these in-house, cross-disciplinary incident response teams. As
more organizations recognize the need for enterprise-wide
security response, the CSIRT may become a way of
solving cross-team collaboration challenges without having to
completely rewire the political and technical relationships between
Security, IT, Network, and Service Desk.
More movement to MSSPs
MSSPs will receive greater interest from organizations that recognize
that the level of effort and in-house expertise required for a successful
SOC is beyond their means. Smart MSSPs, those with the right
personnel and tools to build buyer confidence, that
demonstrate the ability to meet core enterprise requirements and deliver
state-of-the-art responses to security breaches will attract the most
interest.