A rapidly worsening threat landscape should be leveraged by CISOs to justify overhauling their operations centres, a Canadian security conference has been told.
Kristin Lovejoy, keynote speaker at the SecTor 2015 conference in Toronto and president of Acuity Solutions, a maker of a malware detection platform, warned attendees that the number of destructive and politically-based malware attacks is increasing and will only get worse.
“One of the things I highly advise you doing is using the threat landscape to go to your powers that be and recommend evaluating the next generation SOC (security operations centre),” she said, “because our ability to prevent infection… is very challenged in today’s world. This can be the centrepiece of a security strategy. By detecting (threats) you’re better able to react.”
A next-gen SOC should include technologies that can deal with and respond to advanced threats in real time, as well as vulnerability scanners and database monitoring, all of which feed into a data warehouse. That in turn is linked to a security information and event management (SIEM) suite that does normalization and correlation of events. In addition, there would be analysts with access to tuning and forensic tools, and a response team.
A former global CISO at IBM, Lovejoy painted a wide-ranging picture of the challenges and business disruptors infosec staff are facing today and how they can meet, if not take advantage of, them.
For example, she said IT security shouldn’t fear cloud computing, which allows organizations to create a pattern of infrastructure, wrap security controls around it and then replicate it in a centralized way.
“Your job is not to stand in front of cloud but to figure out how to enable the organization to rapidly and radically adopt the cloud not just for economics but to improve the overall security posture,” she said.
Similarly, CISOs need to embrace agile software and business development processes by making sure security teams are advising on risk.
Don’t waste time worrying about millennials who seem to ignore security policies, she said. Instead use them “as an opportunity to radically change the way you approach security.” For example, divide employees into blocks of users, each with a separate security policy: Privileged users have to use corporately-supplied devices, general users can bring their own.
But arguably her central message is that IT security teams have to create a better brand. “You don’t want to be ‘The House of No.’ You want to be known for innovation. ‘My job as a security team is to participate in the creation of innovation with confidence’ — Something hokey like that. Define a mission statement. Define yourselves as partners and advisors and sources of dependable and simple information.
“The reality is business folks want you to be your partner but don’t know how to talk to you.”
Also, she urged CISOs to talk about risk in business terms to managers and executives. So, for example, let them know there is a risk of forced code compromise in an application that will steal customer information. Or in a medical device that could kill a patient.