
Don’t Let Data or Team Silos Slow Down Your Threat Response


Forrester Oct 22, 2021

Author: Thomas Bain (VP of Marketing, Cyware)

What’s the point of information if you can’t use it to get your job done? Data is typically the foundation of how people form opinions and perspectives and certainly the key ingredient for how organizations make informed decisions.

It's the same principle in enterprise cybersecurity: without data or intelligence, making well-informed decisions becomes more complex. SecOps teams are challenged daily to make miracles happen, distilling volumes of data into curated, validated intelligence they can use to make decisions.

What happens if you don’t have access to that data as an operator? And what might be even more dangerous: what if, as a SecOps team member, you have only half the story in a particular set of IOCs or observables?

And what if the curated, enriched data set existed only within the domains that the threat intelligence analysts could access? That leaves the endpoint and network security folks out of the discussion and certainly doesn’t tie together any additional signals the non-threat intelligence teams are assessing.

Nothing unifies a team better than validated, curated information. And if you are initiating a threat response that features only 50% of the story, you might be firing blanks. You could be wasting time and resources, leaving open the possibility that a real threat, or a series of incidents or alerts, goes unvalidated and hence is never identified as data to be analyzed.

That’s when bad things happen. And that is why Cyware commissioned a study with Forrester Research, one we feel is important, to find out what organizations state their priorities are with respect to threat response.

According to our study, entitled “Forrester Opportunity Snapshot: Automation And Unification Enable A Cohesive Attack Surface Defense,” published today, 71% of security leaders report their teams need access to threat intelligence, security operations data, incident response data, and vulnerability data, yet 65% of respondents find it very challenging to provide security teams with cohesive data access.

What this amounts to is a slower, more labor-intensive threat response that simply does not scale in the wake of today’s evolving attack surface. And the longer it takes to respond to threats, two things happen:

  1. If there’s been some level of intrusion or external penetration based on a tooling signal or notification, and there’s a need to further investigate that incident, you are past dwell time and into the unknown as far as potential damage is concerned. So you are up against the clock in a real way.

  2. Your organization’s risk increases substantially the longer it takes to identify and contain that threat. It's not a given that you will be breached.

Cyware commissioned a study with Forrester, tapping 339 cyber professionals to understand the most significant challenges security teams will face in the years ahead.

**Here’s a summary of our key findings:**

  • 64% of respondents note that sharing cyber threat intelligence between their organizations’ security operations center (SOC), incident response, and threat intelligence teams is limited. Organizations also cite several data silos and data access issues that hamper their ability to achieve collective defense.

  • Top obstacles to unifying technologies include cross-team collaboration (55%), data silos within security teams (47%), discovering and accessing data (45%), and functional silos within security (45%).

  • Due to difficulties unifying data access, security teams, and security technologies, firms report several consequences tied to potentially hazardous defense issues, including slow threat response (60%), avoidable data breaches (57%), and avoidable human error (53%).

  • In addition, there are financial impacts experienced because of a lack of security unification and automation, such as high mitigation costs and increased cybersecurity spending (51%), and fines and compliance issues (45%).

**How to use this report:**

  1. It's an easy read, so read it and give us feedback or contact us with any questions. It's as easy for non-cyber personnel as it is for teammates on your SecOps team.

  2. If you can identify the factors that are slowing your threat response, take this report to your team and your manager as a way to demonstrate there are opportunities to improve; the report outlines these first steps.

  3. Engage with us at Cyware - we’re solving threat intelligence, orchestration, automation, and threat response challenges daily for customers trying to unify their approach around automation to protect their business. Everything we build points to building a collective defense.

Cyware helps organizations align into a zero-trust framework - an architecture for the modern enterprise that removes implicit trust and replaces it with an adaptive, dynamic set of technologies to harden all controls across all areas.

Cyware also delivers next-generation SOAR and threat intelligence capabilities that extend well beyond JUST cybersecurity use cases, actually bridging the gap between IT Ops and SecOps, as we do with partners like Ivanti.

You can learn more about how to attack some of these challenges from analysts Allie Mellen and Brian Kime, who will present alongside me and our resident SOAR SME, Lorenzo Anderson.

You can register here for the webinar. And you can download the study here.
