I took note of the recent uptick in discussions about the concept of observation in the IT world and found myself compelled to come back to the topic, which I’ve touched on previously in my blog posts.
In the early years of cybersecurity, it was often said that people are the weakest link. This did nothing to encourage support, as it was insulting and demeaning. The new and better way to inspire people towards a cybersecurity mindset is to engage with and treat them as a valuable part of an organization’s overall cybersecurity initiative.
As security operations leaders, we are burdened with a large responsibility. The expectation is that we can respond to alerts as soon as possible and be able to investigate immediately. It sounds simple, but in today’s cyber threat landscape we are faced with growing threat vectors and a sheer volume increase in overall alerts or notifications. Failure to respond quickly enough or investigate the right areas could result in huge impacts to the organizations we are responsible for.
During the pandemic, collaboration apps such as Microsoft Teams and Zoom have played an important role in connecting the distributed workforce and helping organizations to cope with the so-called “new normal.” Even if we are finally starting to see the light at the end of the tunnel (and this time it’s a real light), the world won’t be exactly the same as it was before.
As software developers and associated business analysts are shifting more and more towards satisfying customer needs by providing them with a better quality product, they are consequently moving towards an agile mindset. Firms are changing the way they function to allow customer needs to be integrated not only into the final product and stages of sales but also all throughout the process of development of a product.
You don’t have to look far for proof that cybercrime is soaring to new heights. Early in the pandemic the U.N. reported cybercrime had increased 600% and other experts estimate damages from global cybercrime to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. Last year alone, we started 2021 in the fog of the SolarWinds attack and finished with the infamous Log4j vulnerabilities, the full impact of which will take years to understand.
Do cloud environments really have to be so foggy? Absolutely not. Yet, many enterprises have come to accept that not having full visibility into their cloud estate is just “how it is.”
As technology continues to evolve rapidly, so do the techniques used by adversaries. This may be considered a given, but it is important to appreciate how attackers may leverage existing and commonly used applications within an environment to attempt to seize control and achieve their objectives.
Extended detection and response (XDR) solutions deliver powerful capabilities to help security teams fight adversaries by increasing visibility, simplifying operations and accelerating identification and remediation across the security stack. XDR platforms gather and aggregate security data from a variety of sources to help detect and contain advanced attacks. But when it comes to efficiently analyzing threat data and quickly identifying the root cause of an incident, not all XDR solutions are alike.
