Infusing agility into Security Operations Centres

The infusion of expertise and actionable intelligence changes the game in the MSS space.


Cyber attacks are becoming more targeted and persistent even as organisations continue to struggle with evolving attack surfaces and a chronic shortage of security talent.

Laying out the facts at the recent GovWare 2018 conference in Singapore, Chris Schueler, Senior Vice President of Managed Security Services, Trustwave, a Singtel company, said, “Attackers know your environment as well as you know your environment. If we are not agile in our security operations, they will take the fight to us and we are not prepared for this fight.”

Obstacles to agility

In his presentation “The need for an agile security operations centre (SOC)”, Schueler highlighted some of the challenges to agility, such as the surfeit of tools and the scarcity of talent.

“One of the core observations across 2018 is that there are too many tools,” he said. Organisations are spending US$150 billion on cyber security tools, and may have up to 50-60 tools in their environment. But – no thanks to the global shortage of cyber security talent – they may not have the people to implement and manage these tools effectively. “So when you have a targeted attack, we are not able to identify who the adversaries are in the first place, and that by itself creates an inability for us to be agile.”

These challenges are compounded by the fact that the attack surface is expanding. For example, the move to cloud-based Software-as-a-Service changes the attack surface. So does each acquisition a company makes. In Europe, the complexities of implementing GDPR controls have further complicated the data security environment.

Addressing adversaries

To adapt to this changing security landscape, agility is critical.

Unfortunately, current SOCs tend to be very rigid in scope and execution. Traditionally, security has operated in a reactive mode. It is about collecting logs and data and managing devices, for example, standard anti-virus and firewall management. And security teams are built on these reactive services and organised into different tiers for threat detection, advanced analysis and incident response.

“The thing about tiers, however, is that they are nice buckets but they do not function to address what we are trying to address, and that is the adversaries,” said Schueler.

Targeted attacks are a very real threat today, and organisations need to understand who is trying to attack them, in order to counter the attacks effectively. They will need to establish an agile security operating model based on the threats that they face.

Schueler cited the example of the Cobalt cybercrime group, which launched an ATM overdraft campaign. From a reconnaissance and delivery perspective, the modus operandi was repeated for all their attacks, and that was the calling card for the group.

If organisations have access to this kind of threat intelligence, they will be able to identify and anticipate the attacks that are coming into their environment. “The kill chain helps organise, correlate and attribute attacker activity to larger campaigns and to predict future attack tactics,” he said.

Bridging the chasm

Currently, most traditional SOCs rely on consultative services to stop and remediate attacks. To be truly agile, organisations will need to bridge the chasm that lies between security operations and incident response - linking their traditional SOCs and consultative services. This requires them to look not at tiers, but at new roles that address the complexities of modern threat actors.

For example, they will need adaptive security capabilities to carry out active threat hunting, which is the proactive hunt for suspicious activities by understanding the calling cards of the different threat actors. Other roles include digital forensics and digital response, which involves collecting the right forensic image for investigative purposes; threat architects who can take data from SIEMs, big data and data lakes, and connect the dots for the organisation; as well as threat analysts, and malware and phishing reverse engineers. These are the roles that organisations will need to invest in, said Schueler.

But how can they do this in the face of a chronic skills shortage, with an estimated 1.8 million cyber security jobs waiting to be filled across the world?

Opening access to elite skills

This is a challenge that can be addressed with the newly launched Trustwave SpiderLabs® Fusion Centre. It brings together elite skills in cyber security under one command and control centre, enabling the expertise to be propagated across the global network of 10 Advanced Security Operations Centres (ASOCs) operated by Singtel and Trustwave. With this, thousands of our Managed Security Services customers across the world can now have access to elite cyber security skills.

The Centre’s team of ethical hackers, threat hunters and incident responders is supported by a threat intelligence platform that gathers feeds from over 180 open source providers, proprietary connections with cyber security vendors, and internal intelligence collected over a decade. These are combined on one cohesive platform, allowing for the effective identification of threat actors amidst petabytes of threat data.

The actionable threat intelligence capability enables Trustwave to monitor, detect and immediately stop cyber threats down to individual endpoints. This helps to reduce the time needed to detect vulnerabilities, adversaries’ tactics and malware signatures from days to hours.

This infusion of expertise and actionable intelligence changes the game in the MSS space. It helps transform SOCs to become agile and proactive, empowering organisations to take the fight to the cybercriminals.

Find out how you can better defend your organisation with ASOC and advanced threat hunting capabilities delivered through our managed security services.

Speak to a Singtel security advisor today.
