SecureSteve QuBIT – “IT Detects Security Threats First. It’s Worth Considering Why.”

2021-11-30 By SecureSteve

Source:

Title: “IT Detects Security Threats First. It’s Worth Considering Why.”
Author: Tyson Supasatit
Link: https://www.forbes.com/sites/extrahop/2019/05/28/it-detects-security-threats-first-its-worth-considering-why/

SecureSteve QuBIT:

When I originally came across this article, I had a bit of a live stream of thoughts that came to mind. These are those thoughts. Unfiltered, minimally edited. Perhaps this could be a bigger post in the future.

The premise of the article is to compare/contrast IT, Infrastructure, and App Dev, sorting them into either “cannon fodder” or “Delta Force, SEAL, Ranger, and SWAT”.

  • There’s a certain “elevation” that Sec ops teams are having
  • While silos are certainly breaking down, we now have new ones between security operations, and incident response, and xxxx insert new team here
  • Security products and “platforms” are impacting multiple groups with a single deployment
  • With all of the “cyber” awareness even in mainstream news, a significant focus has been around the “security efforts” of “the security team” of an organization
  • Brooke Noelke, Cloud solutions architect with McAfee, describes a shift in the way that security teams are perceived in an organization. They can no longer be “police officers”. They need to enable the business.
  • Yet, we have now overlooked some of the basic teams that are in the trenches. We are in a process of trying to “enable the legacy ‘security teams’” to have impact and enable the teams actually getting things done.
  • Let’s look at recent breaches. The teams responsible for “keeping the lights on” are now cannon fodder for executives looking to point to someone or something to blame for an issue.
  • This “shared cloud responsibility model” only exacerbates this situation. Now there are so many other people to point the fingers at.
  • Like DLP, the biggest issue is process. If someone raises a red flag, where does that actually go? What about a puke-green kind of yellow flag that could fester into red, but could be avoided if appropriate action were taken?
  • What about the fact that we’re spending bazillions on security tools, and security controls, and security assessments, and security pentests, and security awareness campaigns, and security… Yet when some very simple things get brought up in an average organization, bureaucracy gets in the way? Cybersecurity “silos” that organizations have spent millions on dissolving are “in the way”?
  • The move to the cloud is exposing those problems
  • The political climate of those personally responsible for the implementation of “security solutions” is becoming adversarial when it should be becoming more collaborative.
  • We’ve broken down barriers around certain groups. Let’s work to push the secOps teams to enable the other groups actually doing the work… (yikes, got to figure out a better way of saying this…)

Overall, there are lots of additional collaboration opportunities for teams to work better together on our cybersecurity challenges. We all need to continue to push for this collaboration.

<fin>

#StayVigilant
#StaySafe
#LookOutForEachOther

#SecureSteve