We recently spoke with Ben Harrison, Director SOC and Security Services at Cygilant and Jake McCabe, CISSP, Presales Director at LogPoint on 10 steps to cybersecurity. Here we summarize their conversation on why data is king.
The volume of data we must analyze to stay secure is growing substantially, while the tooling and systems that support cybersecurity are not growing at the same rate. Every single device is now an endpoint, and nothing can be secured behind a solid boundary. We are collecting logs from far more sources than we are used to, from pretty much everywhere.
As a result, we need to look to data scientists and analysts for new techniques to create insights from security data. This includes a key activity, threat hunting: digging deep into security data to identify what an automated tool may have missed.
A SOC spends the majority of its time analyzing security data. Data must be collected, analyzed and understood so that it can drive outcomes. There is no point in creating reports or graphs that don't offer meaningful insights; you need to know what actions to take, such as creating new alerts or patching an OS. Data is noise without context or direction.
Resources
- Doing the Basics Well
- Demonstrable Customer Security Value
- Frameworks & MITRE ATT&CK
- Plan Your Use Cases
- Process, Process, Process
- Balancing People and Process