Last updated Thursday, June 4, 2020, 13:46:30 GMT

In a recent session of our Accelerate Threat Detection and Response with SIEM + SOAR webcast series, Rapid7 product leaders offered advice on how to increase security team efficiency, analyzed the most common cybersecurity problems, and highlighted ways to focus, optimize, and streamline security response. Read on to learn how these steps can help free up security teams to address critical threats and eliminate repetitive tasks.

From response lag to excess noise: Identifying cybersecurity challenges

Reports show up to 65% of security professionals actively think about quitting as a result of stress. Although that number sounds alarmingly high, experts note it’s hardly a surprise to those inside the industry. Security teams face myriad complicating factors in their day-to-day operations, and pinpointing the most urgent challenges is the first step toward addressing cybersecurity issues, improving job satisfaction, and boosting team morale.

One of those challenges is the continued sprawl of threat environments. Today, a typical security team manages thousands of different cloud services and hundreds of applications. With workforces shifting online, they must find ways to secure remote endpoints. And as the digital footprint of most organizations continues to expand, hiring tends to stall, leaving fewer professionals to handle a growing number of tasks. Combine this with the emergence of increasingly complex threats, and it’s no wonder security teams feel overwhelmed.

Another notable issue is the unprecedented level of noise and false positives. Organizations struggle to keep pace with alerts—and when they do act, investigations take too long. Attacks occur in minutes, but responses may take months to resolve. The average attacker has an estimated nine months to explore a compromised environment undetected. Hampered (and too often defined) by outdated software, security infrastructure lags.

Setting priorities and achieving focus

Encouragingly, experts say they’re seeing more customers beginning to approach cybersecurity with a framework mindset. Users seek plans that emphasize prioritization, with a focus on what’s relevant to their particular industry. They recognize the perception that security acts as an obstacle to DevOps agility, and want to embrace a more supportive security posture.

While no team can manage everything efficiently, a focused team is an efficient team. Security is not one-size-fits-all, so this means finding the right framework for your particular team. What are you protected against today? What are your “crown jewel” assets? It’s critical to track progress over time in order to assess which implementations prove successful, and to measure resource expenditures against security benefits. With the right focus, security teams can learn to work smarter, not harder, and improve business outcomes.

But unless your team is educated in the proper processes, you may render even a perfect framework useless. With a well-communicated incident playbook, it should be abundantly clear who is in charge of what before a crisis hits. You don’t want to be unsure who notified customers following a breach—or whether they’ve been notified at all. In training, simulate likely emergency scenarios in tabletop exercises. When addressing staffing needs, weigh the pros and cons of third-party outreach alongside internal hires.

Reducing remediation time: Performance analysis and automation

When teams agree on goals, priorities, roles, and responsibilities, it’s much easier to analyze performance and drive improvements. Conduct audits regularly, noting improvements as well as repeat findings. These should help teams derive smarter recommendations over time, and ideally keep users from making the same mistakes over and over again.

Security leaders must find creative ways to amplify impact, not noise. The good news is the security industry is warming to automation. Because automation minimizes response time and process redundancies while improving threat detection reliability, it’s increasingly embraced for its ability to efficiently target pain points.

Beyond streamlining mundane, repetitive processes, automation lets analysts focus on triage rather than getting bogged down in false positives. With the right tools, security teams don’t have to spend time building their own platforms, which further reduces friction. According to our experts, users report finding automation tools strangely addicting; it’s not uncommon to hear, “What can I automate next?”

Listen to the full webcast

Thanks to our security team leaders for taking the time to chat, and for guiding us through implementing more efficient cybersecurity practices. Listen to the recording of the full webcast and make sure you’re registered to catch additional on-demand sessions of our Accelerate Threat Detection and Response with SIEM + SOAR webcast series.

Not an InsightConnect customer? Learn more about our automation solution.
