Expert Series | Adapting SIEM & SOC for Security Intelligence & Zero Trust
Welcome to another episode of Infralytics. This episode brings together Shankar Radhakrishnan, Founder of Skedler, and Justin Henderson. Justin is a certified SANS instructor and a member of the Cyber Guardian Blue team at SANS, authoring a number of courses at SANS. Justin is also the Founder and lead consultant at H&A Security Solutions.
Together, Shankar and Justin discuss the intricacies of “Tactical Security Intelligence and Zero Trust Architecture: How to adapt your SIEM and SOC” during their informative video podcast. Let’s recap their discussion and learn more about what sets tactical security intelligence and zero trust architectures apart from other cybersecurity approaches.
What is Tactical Security Intelligence?
Tactical security intelligence provides information about the tactics, techniques, and procedures (TTPs) used by threat actors to achieve their goals (e.g., to compromise networks, exfiltrate data, and so on). It’s intended to help defenders understand how their organization is likely to be attacked, so they can determine whether appropriate detection and mitigation mechanisms exist or whether they need to be implemented.
What Sources of Data/Information Can Be Divulged?
Tactical security intelligence can divulge what tools threat actors are using during the course of their operations to compromise target networks and exfiltrate data. This type of information will usually come from post-mortem analyses of successful or unsuccessful attacks, and will ideally include details of the specific malware or exploit kits used. It can also identify the specific techniques that threat actors are using to delay or avoid detection. Justin Henderson tells us that most organizations are using tactical security intelligence to “[perform] critical alerting and monitoring back where the data normally resides. The best visibility to see the attacker doesn’t exist there, it exists earlier on like the desktops and laptops.”
How do you adapt your SIEM platform for effective tactical intelligence?
In some cases, tactical security intelligence will highlight the need for an organization to invest additional resources in order to address a specific threat. Your tactical security intelligence may lead you to implement a new security protocol or reconfigure an existing technology in order to simplify matters and continue driving innovation forward while averting serious threats. Unfortunately, incident response efficacy relies heavily on human expertise, therefore it can be more difficult to measure the impact of tactical threat intelligence when it comes to identifying serious threats. This is why when supplementing your SIEM platform with tactical security intelligence solutions, it’s best to implement a strong feedback loop between frontline defenders and your threat intelligence experts to ensure more robust network protection.
What is Zero Trust and How Does it Differ From Other Approaches?
Zero trust, as an approach is a reflection of the current, modern working environment that more and more organizations are embracing now. Under the zero trust approach, organizations trust nothing, but verify everything. This approach requires logging, authentication and encryption of all data communication. While it is impossible to fully implement zero trust, Justin Henderson tells us that the best way to go about managing Zero Trust is to “know a baseline, find deviations, then investigate.” The approach is considered as all-pervasive, capable of powering not only large, but also small-scale organizations across various types of industries.
How Does Zero Trust Impact Your SOC?
To protect, adopting a zero trust approach may be your best bet for success as it allows your organization to seamlessly monitor suspicious activity. This real-time data exposure allows your IT team to reduce the potential for security exposure, thereby giving them the ability to leverage the power of their SOC immediately. Doing so can help your organization sidestep a data breach which can cost $3.9 million on average per a 2019 Ponemon Institute report.
Don’t forget to subscribe and review us below because we want to help others like you improve their IT operations, security operations and streamline business operations. If you want to learn more about Skedler and how we can help you just go to Skedler.com where you’ll find tons of information on Kibana, Grafana, and Elastic Stack reporting. You can also download a free trial with us, so you can see how it all works at skedler.com/download. Thanks for joining and we’ll see you next episode.