Industry Insights with Robert Albach

How to Make the Cybersecurity Process More Effective

Use a Platform Approach to Bring Context and Reduce Risk
How to Make the Cybersecurity Process More Effective

While there seems to be no shortage of cybersecurity tools that organizations can choose from, there is also no shortage of security challenges that organizations face today.

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

The answer to the increasing volume of challenges is not to just add another tool into the mix, it's to add the tools the organization is already using into an integrated cohesive mix. Many organizations pull in data from different tools and then convert it for analysis, often with a SIEM. This approach is both expensive and inaccurate, since proper context for the data can often be lost. What's needed is for data coming from different tools to remain in the source format, while still being usable in other tools - and that is often easier said than done.

With all the different input sources for data and the need for rapid response, automation is required. That way, if one tool identifies a particularly risky item, it can trigger a series of actions across other tools to enable remediation and enforcement. This series of actions is your organization's playbook, and it's the cornerstone of security orchestration at scale.

Bringing More Value to Firewalls

While firewalls have visibility into the ingress/egress (north/south) traffic of the network they are deployed on, they often don't have full visibility into the broader application workload deployment. The firewall needs to be part of an integrated platform that pulls multiple tools into the mix. If it isn't, incident investigators will miss a relevant connection and activity data to ensure proper context.

Driven by your automated playbook, the firewall becomes part of an orchestrated system that pulls the right data from the right tools to provide the correct context for understanding the incident.

An integrated workflow across tools is also critical to the concept of Extended Detection and Response, or XDR. For an XDR approach to be effective, security professionals need visibility into endpoints, edge devices, network traffic and everything in between - in an integrated fashion. Then they can pull the relevant information up into a unified platform, where they can correlate incidents and conduct effective threat hunting.

The Cybersecurity Maturity Model

Developing a mature cybersecurity process is a complex undertaking. One sign of maturity is the kind of repeatable processes that an orchestrated security platform enables. The Cybersecurity Maturity Model Certification, or CMMC, is one way to measure the maturity of an organization's security processes.

The CMMC is primarily concerned with controlled unclassified information, or CUI, content. Knowing where that information exists within an environment is critical to the success of passing a CMMC audit.

Having an integrated platform with visibility tools is a good first step for CMMC, but it's not enough. You need a system that can orchestrate the capture of CMMC CUI-relevant data, identifying where it is and how it traverses the environment. An integrated platform approach makes it possible to identify the data to which CMMC applies and then put in controls against that data.

It's All About Process

The path to improving security is largely about improving processes.

When organizations are able to better define their process, they can use technology such as Cisco SecureX as an automation vehicle. An integrated platform allows organizations to invest more in their process and figure out what the right workflow should be.

If your organization can replace manual integrations and the monotonous routine of looking at multiple tools with a unified, integrated platform, IT professionals will have more time to focus on the processes that matter. It's a virtuous cycle: Focusing on process enables more automation, which frees up more resources to optimize the process.



About the Author

Robert Albach

Robert Albach

Sr. Product Line Manager IoT Security, Cisco

Mr. Albach joined Cisco in 2010 when he defined and delivered three network security solutions with the most recent - Cisco’s first Industrial Security Appliance. Prior to his Cisco tenure, he guided the IPS Management solutions and low end IPS solutions for Intrusion Prevention pioneer TippingPoint. Outside of network security, Mr. Albach has lead product management efforts in the application management space at IBM/Tivoli; BMC; and Quest Software.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.