To combat sophisticated and stealthy cyberattacks by advanced nation-state actors most effectively, today's security operations center must first truly understand its own business, according to Monzy Merza, vice president of security research at Splunk.
"They have to understand where the risks are, where the threats are based on the environment that they're living in. So know thyself first," asserted Merza in an interview with SC Media at Black Hat 2019 in Las Vegas. "And once you understand that, then you can work your way backwards to [determine] what kind of threats will you face, what vulnerabilities do you have... within your system, and what sorts of adversaries are the ones that are known to exploit those kinds of vulnerabilities." And from there, the SOC team can fortify their operations accordingly.
In light of the Capital One data breach that was disclosed last month, Merza also offered his take on how organizations can respond better to cyberattacks on cloud-based assets.
"It still boils down to the basics in many ways. It's how well are organizations doing their vulnerability management, how well are they doing configuration management," said Merza.
Merza also said that as companies increasingly migrate systems, services and data to the cloud, security operations are "going to get pressured a little -- and are already getting pressured -- to learn more about how applications and services and technologies work, and I also think it's a very good opportunity for security teams to start to become part of the business rather than sitting outside and looking inward."