Security Monitoring is no longer in its infancy and most organizations have some level of monitoring in place today. So the question arises: if this is in place, then why do we continue to see organizations failing to secure their networks and protect what matters most to their business?
In reality there is no single reason for these breaches, nor is there a silver bullet for curing the problem. If you had a chance to listen to or watch the keynote from this year’s RSA Conference, delivered by RSA's President Rohit Ghai, you’ll recall that he said we have to look to the silver linings and see where small changes made across the Security Monitoring arena can add up to make significant overall improvements to our security.
There is sometimes a perception that deploying multiple security technologies will protect an organization. In several recent discussions it's apparent that organizations continue to experience major breaches even with technology in place. Sometimes they simply have the wrong technology. Other times they have the right technology, but they're not actively using it or not using it to its full potential. The point is that it is less about what technology you have in place and more about what you actually do with it. We've seen a number of examples where smaller security teams excel purely by knowing their own environment, having a thorough understanding of their tools and capabilities, and making the most of what they have been able to invest in.
This is indicative of another issue: skill shortages and finding the right security staff. It’s not necessarily about having the perfect team from day 1, but it’s about growing their skills in-house to make sure they know what they are defending (and why). This involves having a development path to increase the organization’s Security Operations Maturity.
Knowing your own threat landscape and the gaps you have in threat detection is crucial in a modern Intelligence-led Security Operations Center. The fact is that understanding your own network landscape is going to be crucial when you are defending it against the most sophisticated attackers.
In short, what we are saying here is that it is incredibly difficult to develop a SOC or any other Security Monitoring capability which is going to be effective from day 1. It is all about the journey. SOC Managers, CISOs, CIOs and others have to identify what is important to them and develop a plan which will provide the enhancements in capabilities (Tools, Technologies & Procedures) and ensure that these are supported both financially and by metrics. This includes having a roadmap of where you want your Security Monitoring program to grow to, and being able to test how well the team is performing via Red Team engagements as well as Controlled Attack and Response Exercises.
Join us on our upcoming webinar next month on June 12th to learn more. We will discuss this journey with one of our customers who has taken this exact approach in building and developing their team into one of the most skilled Security Operations Centers that we’ve seen to date.
I wanted to give a special thanks to Azeem Aleem, Gareth Pritchard and David Gray for their contributions to this blog and upcoming webinar.