Unfortunately, cybercriminals haven’t changed their approach. They’re still seeking to undermine the confidentiality, integrity and availability of systems and data. If anything, they’re harder at work, seizing upon this disruption as an opportunity to take advantage of lax security controls. In order to defend our organizations in this new world, we need to get back to basics and increase the visibility we have into what is going on within our on-premises and cloud environments.
We need to reduce the mean time to detect (MTTD) security incidents, allowing us to respond more quickly. Cybersecurity analysts at Mandiant recently released the “M-Trends 2020” report, showing that the global median MTTD fell from 78 days in 2018 to 56 days in 2019. That’s an improvement, but it’s still not good enough. The average cybercriminal still has nearly two months on a victim’s network before being detected. Let’s look at three ways organizations can reduce their MTTD.
1. Implement a Security Orchestration, Automation and Response Solution
A SOAR solution is a single security platform that orchestrates alerts from a multitude of sources and then automates the execution of playbooks for accelerated incident response. SOAR helps organizations to:
- Increase their visibility into security information and incidents
- Decrease their MTTD
- Automate their response
2. Invest in Tools to Feed the SOAR Monster
SOAR tools are a great way to increase visibility; however, they must be fed the right data as sustenance. Once you choose a SOAR platform that fits within your current set of security tools, you should look for additional tools that will increase your visibility into events. Topping that list is multifactor authentication (MFA). Many MFA solutions, such as Okta or Cisco Duo, already integrate into an organization’s existing cloud applications to provide an additional layer of security protection to applications and users. In the same way, these protections can also harden access to an organization’s cloud consoles.
3. Establish Strong Governance to Control Usage and Costs
As we make the ultimate leap into the vast expanse of cloud networks, we must also focus on establishing good governance practices that help us to:
- Understand the division of security responsibilities between an organization and its cloud providers. Most cloud providers have very strict guidelines on where their responsibility ends and a customer organization’s begins.
- Develop a plan and responsibility list for how infrastructure and development teams utilize the infrastructure.
- Create boundaries to control costs. Many organizations are learning that Amazon Web Services and Microsoft have built the best electronic metering/toll systems in the world. These systems offer unprecedented insight into and control over costs.
For each of these solutions, CDW has dedicated experts who can assist organizations in their cloud journeys.