
Bridging the NOC and SOC for an Integrated IT Powerhouse

The similarities between the role of the Network Operation Center (NOC) and Security Operation Center (SOC) often lead to the mistaken idea that one can easily handle the other’s duties. Furthermore, once a company’s security information and event management system is in place, it can seem pointless to spend money on a SOC. So why can’t the NOC just handle both functions? Why should each work separately but in conjunction with one another? Let’s take a look at a few reasons below.

First, their roles are subtly but fundamentally different. While it’s certainly true that both groups are responsible for identifying, investigating, prioritizing and escalating/resolving issues, the types of issues and the impact they have are considerably different. Specifically, the NOC is responsible for handling incidents that affect performance or availability, while the SOC handles those incidents that affect the security of information assets. The goal of each is to manage risk; however, the way they accomplish this goal is markedly different.

The NOC’s job is to meet service level agreements (SLAs) and manage incidents in a way that reduces downtime – in other words, a focus on availability and performance. The SOC is measured on their ability to protect intellectual property and sensitive customer data – a focus on security. While both of these things are critically important to the success of an organization, having one handle the other’s duties can spell disaster, mainly because their approaches are so different.

Another reason the NOC and SOC should not be combined is because the skillset required for members of each group is vastly different. A NOC analyst must be proficient in network, application and systems engineering, while SOC analysts require security engineering skills. Furthermore, the very nature of the adversaries that each group battles differs, with the SOC focusing on “intelligent adversaries” and the NOC dealing with naturally occurring system events. These completely different directions result in contrasting solutions which can be extremely difficult for each group to adapt to.

A new set of problems arises, however, when the two teams become siloed, with each group focused on only half of the equation. The resulting gap, particularly in terms of data that is not being shared, perpetuates an even broader gap in the knowledge necessary to maximize the effectiveness of each team. Efforts by the SOC that fail to take into account operational requirements or efficiencies cause bottlenecks that can result in a disruption in network performance. Likewise, fingers can be pointed at the NOC for implementing network designs that leave critical resources exposed and vulnerable.

The best solution is to respect the subtle yet fundamental differences between these two groups and leverage a quality automation product to link the two, allowing them to collaborate for optimum results. The ideal system is one where the NOC has access to the SIEM, so they can work in close collaboration with the SOC and each can complement – rather than impede – the other’s duties. The SOC identifies and analyzes issues, then recommends fixes to the NOC, who analyzes the impact those fixes will have on the organization and then modifies and implements accordingly.

So, what’s the best way to achieve this cross-functional collaboration and optimization? The most important goal is to eliminate operational and/or technical silos. By leveraging a cross-silo intelligent automation platform, security incidents can be detected and resolved while events simultaneously trigger automatic changes both to security as well as network device configurations. This essentially closes the loop on cyberattack mitigation while effectively bridging the distance between security and ops teams.

As the IT environment introduces increasingly complex applications and workflows across a spectrum of systems and devices, and oftentimes in a variety of different locations, the demand for a more streamlined, holistic approach also continues to grow. The time has come to rethink the way the NOC and SOC work together. With an orchestrated approach, powered by intelligent automation, organizations will be able to close the gap between the two departments to more effectively address today’s multifaceted threats, regardless of where they happen to occur within the network.

Ayehu NG is an intelligent IT Automation and Orchestration platform built for the digital era. As an agentless platform, Ayehu is easily deployed, allowing organizations to rapidly automate tasks and processes, including interoperability across disparate solutions and systems, all in one, unified platform.

If you’re ready to bridge the gap between your NOC and SOC to create an integrated IT powerhouse, click here to start your free trial.

Pursuing Digital Transformation in 2019? Here’s how to do so securely.

There’s a lot of talk about the topic of change management, and with so many of today’s forward-thinking companies going through digital transformation, mergers and acquisitions and any number of other updates, upgrades and changes, it’s for good reason. Keeping everything running as smoothly as possible is essential to a business’ ability to emerge on the other side stronger and even more successful. One such area of significant importance is IT security. If your organization is currently or will soon be navigating major changes, here are some specific tips to ensure that your critical data remains safe during the process.

Make it a top priority.

Regardless of what type of reorg you’re going through, the subject of cyber security incident response should be at the top of the list, and remain there throughout the entire process. Designate at least one individual (or preferably an entire team) whose sole purpose is maintaining maximum security at all times. If it’s placed on the back burner, your company will become vulnerable to impending risk and very likely to become a victim of a breach.

Plan ahead.

For situations such as mergers and acquisitions, determining ahead of time whether there are any concerns with the other company’s cyber security incident response is crucial, yet often overlooked even by top management and key decision makers. According to a 2014 survey from Freshfields Bruckhaus Deringer, an incredible 78% of respondents said cyber security was not carefully analyzed prior to an acquisition. Don’t make this same mistake.

Take advantage of technology.

Don’t leave the heavy burden of manually managing IT security on the shoulders of your technicians. Even under the best of circumstances, this task is monumental and impossible for humans to handle alone. Add in organizational change and you’ve got an entirely new and far more challenging cyber security landscape to navigate. Use technology, such as automated incident response, to ease this burden and improve the chances of an uneventful transition.

Be aware of new targets.

A company going through major reorganization can be an attractive target for cyber criminals. In fact, even the very information surrounding the internal changes – such as merger data and documents – may become a point of increased risk. The person or team charged with IT security should remain acutely aware of this information at all times and carefully monitor who has access and whether that access is legitimate. Otherwise, trade secrets and other confidential info could end up in the wrong hands.

Train and communicate.

It’s been said plenty of times, but it’s worth reiterating: cyber security incident response is everyone’s job – not just IT’s. Every employee should be trained on how to protect sensitive data and spot potential security concerns so they can be addressed immediately. Senior executives must also be involved in the cyber security discussion. When everyone takes some level of ownership, the risk to the organization as a whole can drop significantly.

Account for more exposure.

Organizational change often requires the addition of a number of external parties, such as lawyers, consultants, bankers and contractors. These additional people will ultimately mean greater exposure of sensitive data. This must be expected and adequately accounted for well in advance to ensure that all information remains as secure as possible throughout the entire transition. Again, the person or persons in charge of IT security should make managing access to information a top priority.

Is your company planning on rolling out some big changes in the near future? Is there a merger or acquisition on the horizon? Whether it’s adopting a new company-wide software product, making changes to corporate culture or partnering with another firm, the changes that will take place within can potentially leave you exposed to greater risk of a security breach. By taking the above steps and solidifying your cyber security incident response plan in advance, your company will be in a much better position to navigate the upcoming challenges and come out on the other side as a success story.

If you could use some upgrades, particularly in the technology you use for IT security and incident management, you can get started today by downloading a free 30-day trial of Ayehu.


Why Automation is a Must for Cybersecurity

The increasing complexity and sophistication of cyber threats today has far outpaced the ability of most conventional security strategies to keep up. Adding more security devices, as many IT teams have been doing to this point, simply isn’t enough to keep their networks safe. Billions of dollars have been spent taking this approach, yet countless organizations have continued to fall victim to savvy cyber-criminals. The good news is, there’s a solution that’s less expensive and far more effective: automation.

A particularly telling statistic is that 90% of all organizations are attacked on vulnerabilities that are several years old. Furthermore, 60% of those attacks target vulnerabilities that are a decade old or older. One of the biggest reasons these existing vulnerabilities remain is because companies are often afraid that patching or replacing apps and devices will disrupt critical processes and services that depend on them. Being offline even for a short amount of time can result in lost revenue.

For devices that are deemed too critical to be taken offline, network segmentation should be implemented so that in case of compromise, the impact will be restricted only to a small segment and not the entire network. Furthermore, redundancies must be in place to enable traffic to flow around it during an update. Lastly, automation should be leveraged to help identify any and all exposed devices within your network.

Another tactic that has made it possible for cyber-attackers to be so successful is their ability to hide inside networks for long periods of time and then go virtually undetected by mimicking normal network traffic and behavior. This is where intelligent automation can really make an impact. Automated platforms powered by AI and machine learning can continuously collect and analyze network data, identifying anomalies and addressing threats far faster than any human security professional could.

Cybercriminals are already using automation as a way to scale their attacks, making them more effective and reducing the amount of hand-holding required in traditional attacks. What’s more, threats are evolving far more quickly than security personnel can keep up with. In order to compete, organizations must effectively fight fire with fire. This is why automation has become a critical component of a robust, multi-faceted and equally sophisticated defense. Intelligent automation is capable of covering an entire network, identifying new and existing threats and making decisions on its own to mitigate them.

In order to accomplish this, the security infrastructure may require retooling. Isolated security platforms and devices must be replaced with a system that is fully integrated and interconnected. Traditional security tools (those that are still relevant, that is), such as firewalls, secure gateways and intrusion prevention systems, must be combined with advanced cybersecurity tools like intelligent automation. Once a threat is detected, a coordinated response and remediation can then be automatically initiated, thereby mitigating risk.

Most importantly, all of this must happen instantly, automatically and simultaneously across the entire network, including physical and virtual environments, remote offices, distributed data centers, mobile and IoT endpoint devices and deep into the cloud.

Simply put, the future of cybersecurity is cohesive systems powered by automated processes that utilize artificial intelligence to enable autonomous decision-making. Only organizations that adopt such an approach will survive the ever-evolving threat landscape.

Will your company be among them? Don’t get left behind. Get started on the right path by launching your free product demo today.

Visit Ayehu at the 2018 RSA Conference!

Ayehu is excited to announce its participation in the 2018 RSA Conference. RSA Conference 2018 will once again take place at the Moscone Center and Marriott Marquis in San Francisco from April 16th to 20th.

Attendees will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings will enable participants to tap into a smart, forward-thinking global community that will inspire and empower.

The Ayehu team will be providing live demos of our Virtual SOC Operator and demonstrating how closed-loop cybersecurity automation can improve CSIR times by up to 90%. This year, we will be setting up camp in booth #342.

Conference attendees are invited to stop by the Ayehu booth and enjoy ad hoc product presentations. Our security team will also be on hand to answer questions and discuss the individual needs of each attendee. We’ll also be handing out some cool free gifts, so be sure to include us in your rounds.

As an added bonus, we are offering those interested in attending our presentations the opportunity to get a free expo pass. Simply enter the code X8EAYEHU when registering.

With over 45,000 attendees per year, RSA Conference has become the world’s largest provider of security events. The real value of the conference, however, lies not in its size, but in the valuable content provided and the opportunity for the community to feel inspired and engaged.

Conference attendees can expect to leave the event feeling better prepared for future challenges in the industry, their organizations and their careers. The multi-day event schedule is made up of seminars, keynotes, interactive learning experiences and much more. (See the full agenda here.)

In today’s digital age, information is a very highly valued commodity. Safeguarding that information, therefore, has never been more critical. If you are interested in learning more about how you can protect yourself and your organization against the constantly growing threat of security incidents, this event is a must-attend!

We look forward to seeing you!

3 Challenges Every SOC Struggles With (and How to Overcome Them)

In the cybersecurity realm, security operations centers (SOCs) are under increasing pressure to not only be proactive about protecting networks and the sensitive data contained within, but in many cases, they are expected to be predictive. This is coupled with the demand to provide 24/7 protection. All of this requires that SOC leaders learn from, understand and remain a step ahead of would-be attackers. That being said, there are certain challenges that just about every SOC is plagued by. Here are three such obstacles and how to effectively overcome them with SOC automation.

Resource Allocation

One of the biggest issues SOC leaders face today is centered on staffing, or the lack of qualified personnel. Are there enough people on staff? Do they have the right skills for the job? What happens if and when someone leaves? While some organizations choose to solve this problem with outsourcing, there is then the compounded issue of greater vulnerability that comes with remote work environments.

These resource constraints don’t have to be crippling to productivity or even growth, provided the right technology is in place. For instance, SOC automation can provide continuous monitoring as well as rapid response and resolution with little to no human intervention required. Such a setup enables even the smallest of teams to run efficient, highly effective and profitable operations.

Information Overload

There has been a noticeable shift over the last decade or so through which security operation centers have gone from intelligence scarcity to experiencing what can only be referred to as information overload. Today, SOC operators are challenged with sifting through mountains of data – from emails and reports to files and alerts – with a goal of extracting the information they need and leveraging that data to effectively thwart potential cybersecurity incidents.

To combat this challenge, it is recommended that SOC leaders focus on obtaining information from known and trusted sources, thereby narrowing volume and eliminating unnecessary noise. From there, they should prioritize and address the data that is deemed to be relevant to their particular environments. Furthermore, SOC automation can be utilized for better threat management and help avoid alert fatigue.

Data Integrity & Intelligence Management

Last, but certainly not least, there is the challenge of standardization for the purpose of effective information sharing. Now that the cybersecurity domain has become a place where intelligence transfer is commonplace, there is a new struggle that involves determining and agreeing upon a set of standards for how that intelligence is classified, validated, communicated and, of course, protected.

To address this, the first step revolves around the development and adoption of common naming conventions and common indicator formats, for instance consistent names for identified APTs, malware and viruses. From there, creating and maintaining a database of past attacks and attackers is recommended in order to develop a set of best practices. This requires more of a focus on building a predictive and actionable defense rather than reactively putting out fires as they occur. Once again, SOC automation fits right into this strategy by providing the tools necessary to easily track, monitor and report cybersecurity data.

Is your SOC struggling with one or more of these common challenges? If so, automation could be the key to getting things back on the right track. Download your free trial of our innovative SOC automation platform today!

The Rise of SOC Automation

Security operation centers (SOC for short) are cropping up in organizations around the globe and across just about every industry. Many large enterprises have already initiated their own SOCs while others are currently in the process. Smaller companies are turning to external resources for their security needs. In either case, the SOC function serves to consolidate and centralize the incident prevention, detection and response process as well as monitoring, vulnerability management and several other key functions. Along with the wider-spread adoption of these teams has also been a steady rise in the use of SOC automation.

The reason why SOC automation is gaining in popularity is multifaceted. Firstly, there is the very real challenge associated with the highly-tailored and extreme complexity of today’s modern cybersecurity attacks. Gone are the days when incoming threats could easily be identified and thwarted with little to no impact on the organization or its sensitive data. Today’s hackers are leveraging newer and better technology to initiate highly targeted and relentless attacks on their victims. Human security teams are simply no match for these advanced persistent threats.

SOC automation facilitates a much more streamlined and highly effective defense against APTs and other such incidents. These platforms serve as an ever-vigilant, well-equipped army that stands at the ready, round-the-clock, to detect and address potential breaches. When an alert is created, it is automatically assessed and either remediated electronically or escalated to the appropriate human party for immediate attention. In other words, SOC automation acts as a force multiplier, enhancing the monitoring function and creating a closed-loop process that is much stronger.
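The closed loop described above (an alert is assessed automatically, then remediated or escalated) and the earlier point about weighting known, trusted sources to cut alert noise, as an added Python sketch that is not Ayehu’s code: the feed names, trust weights, thresholds, playbook names, dedup window and sample alerts are all constructed assumptions.

```python
"""Closed-loop alert triage sketch: score each alert by severity and feed trust,
suppress repeats, then auto-remediate, escalate or just log. Constructed example."""
from datetime import datetime, timedelta

# Assumed trust weights per feed (a SOC would tune these from its known, trusted sources).
SOURCE_TRUST = {"edr": 1.0, "siem-correlation": 0.9, "ids": 0.8, "osint-feed": 0.4}
UNKNOWN_TRUST = 0.2  # unfamiliar feeds contribute little until they have been vetted

# Assumed mapping from alert category to a pre-approved automated playbook.
AUTO_PLAYBOOKS = {"malware_execution": "isolate_host", "brute_force": "block_source_ip"}

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
DEDUP_WINDOW = timedelta(minutes=15)  # repeats for the same host/category are noise


class Triage:
    def __init__(self, auto_threshold=2.4, escalate_threshold=1.2):
        self.auto_threshold = auto_threshold
        self.escalate_threshold = escalate_threshold
        self._last_seen = {}  # (category, host) -> time of the last alert acted on

    def score(self, alert):
        trust = SOURCE_TRUST.get(alert["source"], UNKNOWN_TRUST)
        return round(SEVERITY[alert["severity"]] * trust, 2)

    def decide(self, alert):
        key = (alert["category"], alert["host"])
        last = self._last_seen.get(key)
        if last is not None and alert["ts"] - last < DEDUP_WINDOW:
            return {"action": "suppress", "reason": "duplicate within window"}
        self._last_seen[key] = alert["ts"]

        s = self.score(alert)
        if s >= self.auto_threshold and alert["category"] in AUTO_PLAYBOOKS:
            return {"action": "auto_remediate", "playbook": AUTO_PLAYBOOKS[alert["category"]], "score": s}
        if s >= self.escalate_threshold:
            return {"action": "escalate", "queue": "tier2", "score": s}
        if alert["severity"] == "critical":
            # A critical alert never drops out of the loop just because its feed is unvetted.
            return {"action": "escalate", "queue": "tier2", "score": s,
                    "reason": "critical from untrusted source"}
        return {"action": "log_only", "score": s}


def triage_all(alerts, triage=None):
    """Run alerts through the loop in timestamp order and return one decision per alert."""
    triage = triage or Triage()
    return [triage.decide(a) for a in sorted(alerts, key=lambda a: a["ts"])]


# Constructed sample alerts, in the shape a SIEM might hand to an automation platform.
T0 = datetime(2019, 1, 1, 9, 0)
SAMPLE_ALERTS = [
    {"ts": T0, "source": "edr", "severity": "critical", "category": "malware_execution", "host": "h1"},
    {"ts": T0, "source": "ids", "severity": "high", "category": "brute_force", "host": "web1"},
    {"ts": T0, "source": "osint-feed", "severity": "high", "category": "suspicious_dns", "host": "h2"},
    {"ts": T0, "source": "osint-feed", "severity": "medium", "category": "suspicious_dns", "host": "h3"},
    {"ts": T0, "source": "unknown-vendor", "severity": "critical", "category": "lateral_movement", "host": "h4"},
    {"ts": T0 + timedelta(minutes=5), "source": "ids", "severity": "critical", "category": "malware_execution", "host": "h1"},
    {"ts": T0 + timedelta(minutes=20), "source": "edr", "severity": "critical", "category": "malware_execution", "host": "h1"},
]

if __name__ == "__main__":
    ordered = sorted(SAMPLE_ALERTS, key=lambda a: a["ts"])
    for alert, decision in zip(ordered, triage_all(SAMPLE_ALERTS)):
        print(alert["host"], alert["category"], "->", decision)
```

The second malware alert for h1 is suppressed because it lands inside the dedup window, while the one 20 minutes later re-enters the loop and is auto-remediated again.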

The second area in which SOC automation is helping security teams, both internal and external, do their jobs more effectively is the amount of time it takes to address and resolve successful attacks. Despite our most valiant efforts, there will almost always be some vulnerability through which cyber-criminals can achieve their goals. The amount of damage they are able to do, however, will ultimately depend on how quickly they can be identified and stopped. Obviously, the sooner a breach can be identified and dealt with accordingly, the more the organization can mitigate damages.

In this dynamic, demanding and critical environment, there is little room for error. SOC automation and orchestration tools are virtually transforming these departments into advanced command and control centers by integrating with Security Information and Event Management (SIEM) systems and providing workflows and playbooks that extend existing SIEM capabilities. Agentless architecture allows for the execution of tasks over physical, virtual and cloud environments via standard protocols to speed up security incident response and resolution while improving security operations efficiency.

Finally, SOC automation cuts the Mean Time to Resolution and eliminates manual, repetitive tasks by automating incident response playbooks, freeing up scarce manpower resources, and measurably improving service levels. This type of platform also enables the advanced scheduling of security procedures on a regular basis in order to identify and prevent security vulnerabilities. In other words, it allows you to cover all your bases – from prevention and detection to response and remediation. The result is a much more secure, efficient environment overall, which benefits everyone.

To learn more about SOC automation, click here. Or, better yet, try it yourself with our free 30-day, no-obligation trial.


How to Get Critical Systems Back Online in Minutes