The ongoing threat of cyber attacks continues to pose major challenges for companies. Many people now rely on external providers when it comes to SecOps. But even then, IT security is not a sure-fire success; it requires certain prerequisites. Ontinue, Managed Extended Detection and Response (MXDR) expert, defines five core principles critical to SecOps success.
IT security experts summarize all operational activities in their field under the term SecOps, i.e. security operations. Since the range of tasks is very broad, companies need a Security Operations Center (SOC) to protect their IT infrastructure comprehensively; a single employee who manages the alerts from EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management) tools is by no means sufficient.
Core principles for effective and efficient SecOps
Since very few companies have the financial resources to set up their own SOC, and the shortage of skilled workers prevents it even under ideal conditions, many rely on outsourcing. But cooperation with a service provider must also be extremely efficient in view of increasing cyber attacks and a constantly changing threat situation. Ontinue lists the five core principles for successful, effective and efficient SecOps.
Automation: Automation is a key aspect for SecOps teams to avoid getting lost in the flood of alerts. Security experts must therefore use SOAR (Security Orchestration, Automation and Response) tools to define meaningful response actions, i.e. automated reactions to recurring incidents. For example, in the event of an alert indicating a ransomware attack, the software could automatically isolate the affected host.
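As an added illustration of the automation principle (example code, not Ontinue's platform or any SOAR product), the following minimal playbook maps alert categories to response actions, isolating a host on a high-severity ransomware alert and suppressing repeats of the same incident within a time window so recurring alerts do not flood the queue. The alert fields, categories and sample alerts are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Alert:
    """Constructed alert shape; real EDR/SIEM alerts carry far more fields."""
    alert_id: str
    category: str   # e.g. "ransomware", "failed_login", "malware"
    host: str
    severity: str   # "low" | "medium" | "high" | "critical"
    seen_at: datetime

@dataclass
class Playbook:
    """Decides one response action per alert and suppresses repeats of the
    same (category, host) incident within suppress_window."""
    suppress_window: timedelta = timedelta(minutes=30)
    _last_handled: dict = field(default_factory=dict)

    def decide(self, alert: Alert) -> str:
        key = (alert.category, alert.host)
        last = self._last_handled.get(key)
        if last is not None and alert.seen_at - last < self.suppress_window:
            return "suppress"  # recurring incident already being handled
        if alert.category == "ransomware" and alert.severity in ("high", "critical"):
            action = "isolate_host"  # containment without waiting for an analyst
        elif alert.category == "failed_login" and alert.severity == "low":
            action = "log_only"  # noise that should not reach a human
        else:
            action = "escalate_to_analyst"  # everything else gets human triage
        self._last_handled[key] = alert.seen_at
        return action

def run_playbook(alerts: list[Alert]) -> list[tuple[str, str]]:
    """Returns (alert_id, action) for each alert in arrival order."""
    pb = Playbook()
    return [(a.alert_id, pb.decide(a)) for a in alerts]

# Constructed sample alert stream (not real data).
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE_ALERTS = [
    Alert("a1", "ransomware", "host-a", "critical", T0),
    Alert("a2", "ransomware", "host-a", "critical", T0 + timedelta(minutes=5)),
    Alert("a3", "failed_login", "host-b", "low", T0),
    Alert("a4", "malware", "host-c", "medium", T0),
    Alert("a5", "ransomware", "host-a", "critical", T0 + timedelta(minutes=45)),
]

if __name__ == "__main__":
    for alert_id, action in run_playbook(SAMPLE_ALERTS):
        print(alert_id, action)
```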
Collaboration: Seamless collaboration between companies and an MXDR provider's external SOC is the be-all and end-all for efficient protection. Even in times of sophisticated collaboration tools, many still use cumbersome and slow ticket systems. However, it makes more sense to use platforms such as Microsoft Teams or Slack, which enable more direct and informal communication between all those involved. This allows the Mean Time To Respond (MTTR) to be shortened.
Localization: In order to be able to guarantee the highest level of security, external service providers such as MXDR providers need a deep understanding of the IT infrastructure of the companies they work for. On the one hand, they must know the clients, endpoints and servers well, but on the other hand they must also have an overview of the individual properties and role-based access rights. It is also important that they know exactly what the existing business applications are and which of them are essential for the company and daily operations. Some MXDR vendors, with company permission, implement AI bots that automatically monitor IT infrastructure and alert external SOCs when unknown hardware or software appears.
Specialization: When it comes to security architectures, less really is more. Many service providers rely on a security product portfolio that is too large. The disadvantage: their experts have to deal with many different technologies. It therefore makes more sense to concentrate on a single manufacturer's holistic ecosystem, integrate security operations easily and comprehensively, and thus deliver the highest quality in this area. Internal IT experts also find it easier to collaborate with external colleagues if the product portfolio in use is as uniform as possible.
Prevention: The best alert is the one that never comes up. Businesses and service providers should work together to address threats proactively, not just reactively. In plain language, this means that both sides work with foresight. On the company side, this means informing the security partner of changes in the IT infrastructure in good time, or even involving them in the evaluation of new hardware or software. On the part of the service provider, this means, among other things, investing a lot of time in threat intelligence, i.e. in detecting possible future security gaps and threats.
“Putting efficient SecOps into practice is not an easy undertaking – neither for MXDR providers nor for companies,” emphasizes Jochen Koehler, VP EMEA Sales at Ontinue. “It is therefore important that all stakeholders pull together and that collaboration works smoothly. This only works if both sides work on seamless communication and do everything individually in their respective areas of responsibility to take the highest security precautions. This is the only way they can make life really difficult for hackers.”
More at Ontinue.com
About Ontinue
Ontinue, the expert in AI-powered Managed Extended Detection and Response (MXDR), is a 24/7 security partner headquartered in Zurich. To continuously protect its customers' IT environments and to assess and continuously improve their security posture, Ontinue combines AI-driven automation and human expertise with the Microsoft security product portfolio. Through the intelligent, cloud-based Nonstop SecOps platform, Ontinue's protection against cyber attacks goes far beyond basic detection and response services.