Key Success Factors for Efficient, Effective Security Operations
Security Operations (SecOps) is a pressure cooker. Inundated with alerts, SecOps team members struggle with stress and potential burnout as they handle multiple, often conflicting information streams. The industry is hard at work devising solutions to ease this difficult situation. This article looks at some of the key success factors a solution must embody to make SecOps efficient and effective. We have based it on testimonials posted by a number of our customers on IT Central Station.
Solutions that drive toward the goal of efficient, effective SecOps need to monitor the widest possible range of devices on the network. As John C., a Chief Security Officer, explained, this need arises because networks see many users each with a variety of devices on the network—and any of them could be threat vectors. He said, “Awake Security helps me monitor devices used on my network by insiders, contractors, partners, and suppliers. We have vendors coming in all the time, we partner with people who use our Wi-Fi access, the internet from within our environment. I have a few people who come in on my guest network and I don’t know who they are, but if an incident happens, I can quickly identify the systems that are concerned.”
He went on to say, “A lot of times people bring systems in that aren’t under my control or introduce threats in my environment which I can attribute to a visitor log right away. I feel a lot more comfortable that, if I get a trigger on Awake, I can quickly identify that device as belonging to one of our employees because I have seen it over a long period of time; or I can identify if it’s a new device which could be a visitor or the like. I get a lot more clarity on lateral movement in my environment than I think I could any other way.”
Security managers today are constantly searching for threats. To be effective, a solution must be able to detect a broad set of threats. For example, as Rick P., a Senior Security Engineer at a pharma/biotech company with over 1,000 employees, shared, “We had an incident that involved a phishing email that came in. We were able to use Awake Security to detect everybody on the network who actually went to the website linked to by the phishing email. It allowed us to take care of the infection. Whereas before, we’d have to wait and base things around user self-reporting.”
For Kristofer L., a Director of Information Security at a computer software company with more than 200 employees, the advantage of his solution came from its ability to catch “various, very hard to detect models of data exfiltration, such as data exfiltration via DNS or ICMP.” Dwayne S., a Senior Analyst Security and Compliance at an insurance company with over 5,000 employees, similarly found that Awake was able to find incidents that his team did not realize were happening in the environment, such as a Tor beacon.
False positives and negatives are a major driver of wasted time and employee stress in SecOps. For this reason, a solution that delivers a low rate of false alerts will be held in high regard. John C. compared his new solution with his SIEM in this context, noting, “If you gave me a false positive with a SIEM, I would have to invest four hours to find out that it was a false positive.”
“The data science capabilities of Awake are a big reason why the false positive rates are so low,” said Eric E., a Chief Information Security Officer at Dolby Laboratories, a media company with over 1,000 employees. He added, “The data science side really gives Awake the ability to spot things that are out of the norm.” In his case, examples included IoT devices or devices for which it is hard to have a standard profile. He said, “It does a good job of figuring out what’s out of the norm for that type of device or the type of traffic that would typically come from that device.”
SecOps teams need to move quickly. This is a matter of efficacy, but also one of productivity. Solutions that enable faster time to remediation improve SecOps efficiency. A Head of Cyber Threat Operations at an energy/utilities company with over 1,000 employees put this matter into perspective, commenting, “The most valuable aspect of the tech is the fact that it’s like a ‘force-multiplier.’ It will reduce the amount of time and effort it takes to triage a potential compromise.”
Kristofer L. concurred, saying, “The time from finding threats to remediation is almost instantaneous. What is impressive about the tool is the time to value.” He further reflected that, “it also allows me to prioritize my staff. So, there are a lot of intangible dollar savings there. Rather than having a group of folks running around attempting to focus on preventative measures, we are focusing on the situations at hand ensuring that we have a grasp of what’s going on in our network.”
Given that a large proportion of network traffic is encrypted, an effective security solution must be able to monitor and analyze encrypted traffic. To this point, an Associate Director, Cyber & Information Security at an insurance company with over 1,000 employees revealed, “This solution’s encrypted traffic analysis is good. Every time I have needed to retrieve data for decryption, it was available.”
Eric E. echoed this sentiment, stating, “The encrypted traffic analyses are a key part because encryption has become the de facto standard for all network traffic, even internal traffic. One of the biggest challenges for security teams over the last five years is that we have more and more encrypted traffic – rightly so – to help protect those data streams, but because of that, it makes it hard to have visibility into that traffic. Awake has the ability to understand encrypted traffic and capture parts of traffic that we want to look at more closely while at the same time has very little impact on that traffic because it’s sitting on the side and viewing that traffic without being in front of it and having a negative impact on it.”
These are some of the key success factors SecOps managers are looking for in a security solution. To learn more about what real users think of Awake Security, visit IT Central Station.
VP, Security Strategy, Business Development and Marketing