Engineer’s Corner – Advanced Security
In today’s current state, we’re seeing an incredible spike in sophisticated ransomware and phishing attacks, as warned by multiple agencies. The Department of Homeland Security recently issued an advisory on nation-state targeted attacks and the IC3 division of the FBI issued a Public Service Announcement (PSA) on the high impact ransomware has on U.S. businesses and organizations. These attacks that deny companies access to valuable data until a ransom is paid have driven some companies out of business and significantly impaired others.
With the expected addition of 50 Billion IoT (Internet of Things) devices by 2025, IoT devices are unfortunately not built with security in mind. These devices have access to your network and data, introducing a new breed of Advanced Persistent Threat (APT’s) to your environment. IoT attack surfaces vary by manufacturers. Some have made security an integral part of their application stack while others have been slow to adapt or even make their devices enterprise-ready. By a wide margin, very few IoT devices have an enterprise authentication system that can protect your network. The blend of what end-users use as enterprise users and what they use as consumers is getting closer by day and it is important to recognize these devices when they are in your enterprise.
Prioritization and the continued rise in all aspects of cybersecurity stress current programs that cause already taxed teams to be reactive instead of proactive. This creates situations where IT personnel are overwhelmed and overworked. Most IT budgets have a very low limit on what can be spent on security technologies and advanced training for personnel or are excluded from budgets altogether. Currently, there are over half a million open jobs available in the U.S. and over 3.1 million open jobs estimated by 2021.
With all this pressure on IT teams, how do you improve your cybersecurity posture?
As cloud services grow and networks become more decentralized, having a Security Operation Center becomes imperative to ensure your business is protected, but the added cost, resource demand, and the additional need for trained employees oftentimes make it difficult for businesses to build it out. As reported in several Gartner reports “A SOC is not just a luxury but a necessity in today’s threat landscape.”
SOC as a Service has become a trusted way to help companies centralize visualization of the enterprise and ensure high priority issues are dealt with immediately. Managed SOCs become an extension of your IT team and ensure you’re cutting through all the noise. SOC Analysts help figure out what your security alerts mean and how they can be prioritized, which improves the security operations. When adding a Managed SOC to your security posture, look for vendors that not only offer threat and vulnerability protection, managed detection and response (MDR) service, but also have a risk and compliance component to help gauge your security posture on an ongoing basis. These security advisory tools become advantageous when building a long term security framework.
If you’re interested in learning more about SOC as a Service options and providers, please contact your Aqueduct Account Manager or visit our contact us page.
–Rick Beaupre, Security Solutions Architect
References
https://www.us-cert.gov/ncas/alerts/aa20-006a
https://www.ic3.gov/media/2019/191002.aspx
https://www.us-cert.gov/Ransomware
https://www.cyberseek.org/heatmap.html
https://cybersecurityventures.com/jobs/