The world is heading toward a fully remote work environment, and that includes security teams, which are adjusting to and accommodating the change quickly. As a result of this shift, there is an inevitable need for enhanced collaboration and communication between security technology and its users, creating a collective defense.
We recently had a chat with Rajan Chheda, an infosec veteran of 20+ years and a Director of Customer Success at Cyware, who is skilled in managing various cybersecurity/defense teams. This includes leading Security Operations Centers (SOC), threat intelligence, vulnerability management, and threat hunting, to name a few. Based on that conversation, Rajan offered five key takeaways as considerations before building a cyber fusion center.
1. Collective Defense Vs. Siloed Defense
Organizations have to ensure they implement a collaborative approach for managing cyber threats. Cybersecurity systems are typically managed and monitored by different groups: SecOps, IT operations, physical security, product development, fraud. But they all have one common set of goals: to protect the organization, its employees, and customers/users.
Siloed teams work independently, occasionally overlapping on the same efforts, but don’t gain the benefits of transparency that come from a streamlined organization. Acting as a collective defense unit, disparate teams can leverage cyber fusion centers to collaborate and increase operational effectiveness, readiness, and response to cyber threats. Furthermore, cyber fusion centers force-multiply collective security efforts by fostering collective defense between different organizations with shared security interests through strategic and technical threat intelligence sharing. A prime example of such a collective defense strategy is information-sharing communities such as ISACs/ISAOs, which bring together hundreds and thousands of organizations from a common sector to put up a collective front against cyber adversaries.
2. Keep Internal Communication Transparent
Identify processes and overlaps in efforts that can be consolidated by creating a formal blueprint. A blueprint allows you to index the tools, systems, processes, procedures, and business requirements that you plan on integrating within the cyber fusion center. Then you can identify overlaps in systems and processes that can be consolidated to reduce redundancies and find existing issues, such as information silos or procedural bottlenecks.
An excellent way to gather valuable information and build internal consensus is to communicate closely with stakeholders and their teams. Each team involved has pain points and tiresome manual tasks that can be improved using the cyber fusion approach. By working with stakeholders in identifying these pain points, organizations can reduce costs and increase efficiency by making the most of the tools, processes, and human resources already in place.
3. Organize Critical Security Technologies
The goal for any organization adopting a cyber fusion center should be to move from reactive to proactive and then to collective defense-driven threat management. To achieve that, it is critical to identify a streamlined cyber fusion process that combines the right people and to find the technologies that support the effort. In alignment with the cyber fusion process decided on, organizations can then implement protective technologies with constant monitoring through detection systems, with real-time/historical threat visibility. These technologies would further have an enhanced capability to analyze potentially suspicious behavior, facilitate smarter decision-making through high-confidence actionable threat intelligence, and execute incident response measures through integrated security automation solutions.
4. The Journey to Security Maturity
Cyber fusion doesn’t happen overnight. It involves onboarding various teams and stakeholders, consolidating and automating various security processes such as the threat intelligence lifecycle, integrating with various systems across organizations using SOAR solutions, training resources, and developing metrics/dashboards. While some organizations may want to move too quickly, by keeping your focus and milestones small, you can get some early wins and build from there. If you try to put too much weight on a rapid digital transformation instead of smaller wins, it will disrupt normal processes/operations and negatively impact your defined goals.
5. Choose What Fits
When moving forward with Cyber Fusion, it is essential to properly evaluate vendors that align with your business needs and goals. Typically this means ensuring that a vendor has the required technology and the ability to adequately support a digital transformation of this magnitude. For example, an ideal cyber fusion partner can augment existing technology, not just rip and replace it, and create a single pane of glass that delivers the contextual information needed for effective decision making.
Cyware is the only company that designs Virtual Cyber Fusion Centers, enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.