Fragmentation: the silent killer in security management

How to overcome the detection deficit and reduce the gap between tools and teams

security management

Closing the gap

Today’s detection deficit between attackers and defenders is near an all-time high – and the gap is only getting wider. While many factors contribute to this deficit, among the top is the fragmentation of people, processes, and technologies.

Security personnel – from incident response to threat intelligence teams – are all fighting to keep up with a breadth of cyber threats, including ransomware, malware, and phishing attacks. To fight off evolving attacks, each team layers on different tools and processes, creating a lack of coordination and a plethora of data and intelligence. This complex layering creates fragmentation, leaving vulnerabilities exposed. To combat the detection deficit and reduce the gap between tools and teams, Adam Vincent, co-founder and CEO at ThreatConnect, describes best practices for overcoming security fragmentation.

security management

Uniting tools and teams

To successfully defragment cybersecurity efforts, organizations need to unite all of their people, processes, and technologies in one place, making each of them work smarter and stronger. A cybersecurity platform provides visibility across high volumes of security data, helps determine the usability of that data, and creates clear processes in detecting, triaging, and remediating that data.

3 intel

Use the best intel

Every organization is tackling a large amount of data, and the cybersecurity team is no different. Make sure to choose the right mix of threat data for your organization’s particular issues, infrastructure, and security posture. This can include a combination of intel feeds, open source, and paid sources.

security management

Focus on what is relevant to you

The threat landscape is growing exponentially and so is the intelligence that informs a strong defense. Rather than focusing on intelligence about every threat, determine if your organization or industry is susceptible to it before taking action.

security management

Define team roles

Breaches occur in the seams between tools and teams. Organizations should ensure interactions between team members are smooth and defragmented by creating clear roles and responsibilities.

6 automate

Automate, integrate, and define processes

Speed is key in combating cybersecurity threats, and without united tools that effectively expedite processes, organizations can fall one (or more) steps behind an adversary. In order to defragment processes, organizations should automate, integrate, and define the proper steps for each process.

7 system

Create a system of record

As tools are united, team roles are clearly defined, and workflows are outlined, it’s crucial to maintain the consistency. To do so, create a centralized knowledge sharing center, keep historical data, and document workflows.

To comment on this slideshow, head over to our Facebook page.

Copyright © 2017 IDG Communications, Inc.

Related Slideshows