Avoid high cost and massive headaches – the move towards managed security services
Awareness about security has grown over the years, thanks to extensive press coverage about cybersecurity incidents in large organisations and state-sponsored cyberwar activities initiated by certain countries.
While security awareness has increased, many organisations’ progress in defending their business against cyberattacks has stalled. The 2015 Global Threat Intelligence Report has revealed that cyberattacks against business and professional services have even risen from 9% to 15% in the past year. I believe organisations can expect to face the following security management challenges in the near future:
Security management will become a corporate and security governance problem. Many larger organisations align themselves with corporate and security governance programmes to ensure they achieve predictability and quality. However, governance programmes struggle to keep up with the ever-changing and growing needs of security management. In retrospect, the tendency for security management to provide the required method of governance has become prevalent. The challenge is to ensure security management remains governed and aligned with business directives.
Security communication has become a knowledge transfer and decision-making problem. Even when information is delivered at the right time, to the right decision authority, many organisations aren’t able to make the decisions necessary to reduce risks and protect their business. The challenge here is maintaining a working incident response plan. There’s also the issue of knowledge capture: your level of protection depends on your ability to stay informed about the latest information security threats and invoke the right countermeasures. The biggest challenge is not knowing what you don’t know – that is, having a strategy to detect and defend against threats targeting zero-day vulnerabilities.
Running 24/7 security operations has become a resourcing and cost problem for the industry. Some organisations operate 24/7 help-desks; however, this isn’t the same as operating a 24/7 Security Operations Centre with experienced analysts who can detect, analyse, and respond to cyberattacks. The challenge here is the cost of having experienced and qualified personnel working around the clock.
Information security has become a significant data mining and analytics challenge. To be able to detect attacks, you need to first understand the different stages of an attack and how each stage can be detected and responded to. Without this information, it’s more than likely that an incident will go undetected. The challenge is to:
- Collect, normalise, and correlate many terabytes of data
- Use it to deliver information intelligence using context and content-based detection methods
- Extract business value from it
Accurate and complete reporting on big data has become a resourcing and compliance problem. With the many terabytes of data being produced each day by the typical organisation, the challenge is to produce timely reports and have resources on hand to analyse and use them to detect threats and protect the business.
Configuration and management of SIEMs is a growing resourcing and technology challenge. With vast amounts of data being captured, your organisation will need to build a big data solution and integrate it with a SIEM solution. To do this, you’ll need a team of experts to integrate, maintain, and continuously tune these complex systems in order to deliver business value.
As these challenges evolve and new challenges arise from the ever-growing threat landscape, managed security service providers like Dimension Data are best positioned to scale and cost-effectively meet these challenges on our clients’ behalf. To find out more about how to better equip yourself, as well as your organisation, against cyberattacks, check out the 2015 Global Threat Intelligence Report.