NG-OPS Strategy Guide
May 21, 2014
NG-OPS Strategy Guide: Navigating the Next Generation Security Operations Ecosystem
In today’s threat environment the only constant is change. In fact, everything is changing – the way our users work, the types of adversaries we face, and the techniques attackers use to infiltrate our networks. Threats are more sophisticated than ever, bringing new risks and uncertainties that demand more visibility in operations, and thus a Next Generation Security Operations mindset.
This NG-OPS Strategy Guide introduces a new blog series on the Next Generation Security Operations Ecosystem. It builds upon and complements our prior blog series, which are:
- Security Architecture Series
- Security Program Best-Practice Series
- Security Assessment Series
- APT Strategy Series
Disruptive Shifts and Converging Trends
The past few years have set the stage for some disruptive shifts in network security operations. These shifts are driven in part by the rise of BYOD, mobility, virtualization and the cloud, which have resulted in a new level of complexity and fragmentation with distributed systems.
Occurring in tandem, the proliferation of applications and infrastructure services inside the organization requires holistic organization into trust zones based upon risk and classification (see Adaptive Zone Defense), as well as greater policy orchestration, management, and visibility across access boundaries (inter-zone).
The ability to translate complex business and organizational goals into a set of automated data center workflows is critical to avoid slowing down the application delivery process. It is also an essential part of making compliance and security requirements far easier to manage in a very dynamic environment. Network security needs to transform into agile, adaptive, end-to-end automated processes, which requires a systems approach to thinking about network security.
“The threat can be broken down into three components: intent, opportunity, and capability. Organizations need to know, ‘What is the intent of adversaries? What are the opportunities available to them? And what capabilities do they have to exploit the opportunities?’”
Felix Mohan, Senior Vice President and Chief Information Security Officer, Airtel
The delivery of an application can trigger a cascading series of actions to ensure that the application is delivered efficiently and in compliance with any regulatory requirements. Next-generation firewalls (NGFWs) now provide the ability to implement policies based on applications, users and content, and they can provide the appropriate hooks for automation and orchestration solutions.
These disruptive shifts and converging trends have fused application and network layer functions, causing a fundamental reset of the security operations function.
- Organizations need to shift more security resources from preventing intrusion toward rapid detection and response
- Improving detection and response requires an intelligence-driven context-aware security approach
- Optimizing how security technologies, resources and process work together is pivotal to scaling security capabilities
- Automation frees up analysts to focus more on higher priority risks affecting the most critical assets and data
- SOCs need to build collaborative cross-disciplinary teams with highly specialized skill sets to combat advanced threats
- Evolving security operations optimizes the interplay of people, processes, and technologies to enable rapid response
- Orchestrated management of network infrastructure will be embraced as the next big thing
- The rise of DevOps drives much needed convergence between security and IT operations to add security by design
- The growing need to automate and optimize security operations so that scarce resources and skills are used more effectively
Reducing Operational Overhead
It’s a known fact that a lot of time is typically wasted on analyzing false positives generated by technology that has not been correctly baselined, customized, tuned, or optimized. Depending upon the environment, false positives can be numerous and very difficult to verify, costing analysts valuable time determining whether or not something is an event they should be worried about.
The tenets for this Next Generation Security Operations series are simple:
- Increase visibility across the enterprise to identify active threats quickly
- Understand the business impacts to better respond
- Utilize resources to the fullest
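The following script is an added illustration of those three tenets and of the false-positive problem described above; it is not code from the original post. It is a small risk-weighted alert triage routine: a constructed asset inventory supplies the business criticality of each destination host, a constructed baseline records source/rule pairs an analyst has already verified as benign (here an authorised vulnerability scanner tripping reconnaissance rules), and the remaining alerts are collapsed and ordered so the analyst sees the highest-impact items first. All host names, rule names and weights are constructed sample data.

```python
from dataclasses import dataclass, replace

# Numeric weight per signature severity (constructed scale).
SEVERITY = {"low": 1, "medium": 3, "high": 6, "critical": 10}

# Constructed asset inventory. Criticality reflects the business process the
# host supports (payments > DMZ web > user workstation > management scanner).
ASSETS = {
    "db-pay-01":   {"zone": "payments", "criticality": 5},
    "web-corp-03": {"zone": "dmz",      "criticality": 3},
    "wks-0412":    {"zone": "users",    "criticality": 2},
    "scan-01":     {"zone": "mgmt",     "criticality": 1},
}

# Constructed baseline: (source, rule) pairs an analyst has verified benign,
# here the authorised vulnerability scanner tripping reconnaissance rules.
BASELINE = {
    ("scan-01", "recon-portscan"),
    ("scan-01", "recon-webscan"),
}


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    src: str
    dst: str
    count: int = 1


def is_baselined(alert: Alert) -> bool:
    """True if this source/rule pair is a documented, verified false positive."""
    return (alert.src, alert.rule) in BASELINE


def risk_score(alert: Alert, assets=ASSETS) -> int:
    """Severity weighted by the criticality of the targeted asset.
    Unknown destinations get the lowest weight rather than being dropped."""
    criticality = assets.get(alert.dst, {"criticality": 1})["criticality"]
    return SEVERITY[alert.severity] * criticality


def triage(alerts, assets=ASSETS):
    """Return (queue, suppressed_count).

    queue: list of (score, Alert) sorted highest risk first, with repeated
    (rule, src, dst) alerts collapsed into one entry and their counts summed.
    suppressed_count: raw alerts dropped because they matched the baseline.
    """
    merged = {}
    suppressed = 0
    for alert in alerts:
        if is_baselined(alert):
            suppressed += 1
            continue
        key = (alert.rule, alert.src, alert.dst)
        if key in merged:
            merged[key] = replace(merged[key], count=merged[key].count + alert.count)
        else:
            merged[key] = alert
    queue = [(risk_score(a, assets), a) for a in merged.values()]
    queue.sort(key=lambda item: (item[0], item[1].count), reverse=True)
    return queue, suppressed


# Constructed sample feed: eight raw alerts from an IDS-style sensor.
SAMPLE_ALERTS = [
    Alert("recon-portscan", "medium", "scan-01", "web-corp-03"),
    Alert("recon-portscan", "medium", "scan-01", "db-pay-01"),
    Alert("recon-portscan", "medium", "scan-01", "wks-0412"),
    Alert("recon-webscan", "medium", "scan-01", "web-corp-03"),
    Alert("c2-beacon", "high", "wks-0412", "db-pay-01"),
    Alert("c2-beacon", "high", "wks-0412", "db-pay-01"),
    Alert("web-sqli-attempt", "high", "203.0.113.7", "web-corp-03"),
    Alert("policy-cleartext-auth", "low", "wks-0412", "web-corp-03"),
]

if __name__ == "__main__":
    queue, suppressed = triage(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(queue)} queue entries, "
          f"{suppressed} suppressed by baseline")
    for score, a in queue:
        print(f"{score:>3}  {a.rule:<22} {a.src} -> {a.dst} (x{a.count})")
```

Run stand-alone, the eight raw alerts reduce to three queue entries: the four scanner alerts are suppressed by the baseline rather than being re-investigated, the two identical beacon alerts collapse into one entry, and the beacon toward the payments database (score 30) lands above the SQL injection attempt against the DMZ web server (score 18) even though both carry the same sensor severity. The baseline is deliberately keyed on source and rule together, so the same reconnaissance rule from any other host still reaches the queue.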
“People in the SOC need ways to react faster and better — they need ways to improve the efficiency of what they do. They need ways to reduce the amount of time between the onset of an attack and the time it’s stopped or remediated.”
Rich Mogull, founder of Securosis
To help organizations reduce operational overhead, the NG-OPS Strategy Series currently includes the following blog articles (topics will be added as the theme develops and evolves):
- NG-OPS SOC Version 2.0: Build a Next Generation Security Operations Center to protect critical assets
- NG-OPS Evolving a SOC Team: Building, Nurturing and Evolving Security Operations Staff
- NG-OPS Operational Maturity: Migrating from Reactive to Dynamic Defense and Cyber Resilience
- NG-OPS Automation & Orchestration: The Next Big Thing: Automation and Orchestration
- NG-OPS Threat Modeling: Manage complex systems using a structured methodical framework
- NG-OPS Risk Management 2.0: Shifting focus from technical assets to critical business processes
- NG-OPS Smart Telemetry: Leveraging 3 levels of telemetry: Endpoint, Gateway, and Infrastructure
- NG-OPS Security DevOps: The critical convergence of security and IT operations with DevOps
Please feel free to propose additional topics and/or vote for which topics should get published before the others.
This new NG-OPS Strategy Guide builds upon and enhances the current APT Strategy Guide, introducing a whole new set of topics into the framework.
APT Strategy Guide Framework
The era of advanced threats calls for a new approach to information security. When dedicated cyber adversaries have the means and methods to elude commonly used defenses, such as signature based detection, it is clear that conventional approaches are no longer sufficient.
The need for a Next Generation Security Operations mindset is evident across the industry. Technologies will continue to improve, but in parallel we need to ensure that we also evolve and improve our security processes, as well as our invaluable resources and skills. Attackers are constantly evaluating their methods and improvising new techniques. Defenders must think in those same fluid terms to keep pace.
The value proposition for a Next Generation Security Operations program includes improved security, resource utilization, and cost-effectiveness. Together with increased visibility and vigilance, defensive strategies can be precisely aimed at addressing the most significant threats and protecting the most critical assets and data. By leveraging automation and orchestration, the security team will have the knowledge and the cycles it needs to make informed risk decisions and invest in the right security controls.
Orchestrating People and Process with Technology
Many enterprises are looking toward third-party security services to help them handle some elements of their defense. But that doesn’t mean the expertise of the SOC staff will become less important. In fact, most experts agree the next-generation security analyst will have to be smarter than ever. The security staff of the future is going to need expertise not only about the domain they’re defending, but also contextual expertise to determine which combinations of events might present a threat. On top of that, they’re going to need analytical expertise so that they can determine the source of the threat — and how to stop it.
Thanks for your interest!
Nige the Security Guy.