Securing the budget

Editorial Type: Opinion     Date: 01-2016    Views: 1457   









Even the provision of security must be subject to budget control. Security advocate Javvad Malik from AlienVault offers some ideas to help provide effective security with limited resources.

Developing a comprehensive program of security controls, systems, people and processes is no easy feat, particularly for IT practitioners with budget and staff limitations. But what essential security capabilities are needed to create effective security with limited resources?

It is vital for small teams to develop routines to effectively manage environments and prioritise tasks, in turn laying the necessary groundwork to make certain that they are fully prepared to respond when an incident occurs. There are a number of soft skills that are critical to being a successful small or even one-man security operations centre (SOC). First, you need to train the wider organisation about security awareness so that employees are better able to spot the warning signs. By making them aware of the dangers of, for example, phishing emails, BYOD and using company equipment at home, you can make your job significantly easier.

Effective communication skills are another important attribute of a security professional. You need to be able to explain what risk a particular threat poses to your organisation, and with this, provide a clear call to action. In doing so, management can understand what you need them to do to protect the business.

Regarding technical skills, a big time-saver is to automate as many processes as possible using scripting or by deploying specialised tools. This can also help with ad-hoc reporting if your boss, for example, suddenly requests information before a report is due.

It is also important that you establish defined processes and routines. For example, you may decide that you need to complete one set of tasks daily, such as alarm review, event review and tuning, and another set of tasks perhaps monthly, including vulnerability scanning, asset audit or reporting. Once the routine is set, you have a pattern to follow and report against. Additionally, you need to set aside time each day to learn new skills. Developing the ability to recognise patterns that help you to spot anomalies and incidents as they occur is especially important. At the same time, try not to get too stuck in your ways: take advantage of new technologies and strategies.

To expand the reach of your limited resources, threat intelligence should be used to pull in additional knowledge and expertise from outside of your organisation. It allows you to harness crowd power by being able to access and share data about potential threats, and it provides a wealth of knowledge about emerging threats, saving both time and money. It also allows you to get more value from the tools you may have already deployed. For example, communities such as the AlienVault Open Threat Exchange (OTX) enable security practitioners from around the world to collaborate on how best to respond to emerging threats. This type of knowledge is vital for small teams with fewer resources because it accelerates their ability to both detect and respond to potential threats.

Unlike larger enterprises, smaller organisations do not generally have the luxury of deploying multiple security point products to defend against attack. So if you only choose one method of defending your organisation, look for a platform that has a range of essential security controls built-in and ensure that they provide the outcomes that the business requires.

Security Information and Event Management (SIEM) systems are a popular choice among SMEs looking to defend themselves against cyber-attacks. They usually collect data from many sources, but to be truly effective they should also incorporate threat intelligence. Information about malicious actors, their tools, infrastructure and methods provides the context needed to understand the behaviour of a particular threat and the expertise to respond.
