Recently a business publication asked me to share perspective for its new weekly column profiling New York-based Israeli start-ups. The questions that the reporter asked forced me to think long and hard about what it’s like running a cybersecurity company in the Big Apple after planting its roots in Tel Aviv, especially in light of the ongoing pandemic. This exercise was interesting in and of itself, but it also prompted me to reflect much more broadly on the past 20 months and how infosec as a whole has been reshaped.
From my perch in the CEO’s office of a thriving cybersecurity start-up, I see rapid transformation in our industry. Widespread migration to the cloud and the shift to remote work during the health crisis mean that there are no longer distinct perimeters encircling corporate networks. Coupled with the adoption of IoT and the “bring your own device” trend, this leaves security teams with an almost impossibly large attack surface to protect. At the same time, thanks to stringent compliance requirements and evolving corporate attitudes toward risk, organizations now expect holistic visibility and continuous threat monitoring, detection, and response.
All this has created a situation where the average enterprise security operations center (SOC) has a wide assortment of capable security tools at its disposal, yet alerts have become incessant. Security analysts are bombarded with unorganized, out-of-context, and unactionable data that is difficult to triage, prioritize, and act on. This also raises the risk of larger issues, such as burnout, among security professionals at a time when the industry already faces a dearth of skilled workers.
In total, the situation has become untenable. The traditional SOC and the approaches of the past no longer meet the needs of the average business.
The SOC must evolve to address the unique challenges of today’s reality. That will require new technologies, processes, and ways of thinking. With remote and hybrid work now the norm, security operations must itself embrace decentralization, location-independence, and people-centricity. We need more agile SOCs that are flexible and sustainable. It’s time for an “anywhere operations” approach to cybersecurity. By this, I mean that a SOC must have the following capabilities:
Whether they are modernizing their own internal security operations, or selecting a managed security service provider as a partner, organizations must do the following:
The cybersecurity and business landscapes have changed dramatically since the days when SOCs first emerged. Today, organizations are multi-cloud, hybrid, and without perimeters. Threats are more prolific and professionalized. The attack surface has expanded, and organizations, including their security teams, are more remote and dispersed.
We have reached a defining period for SecOps, and business-as-usual won’t suffice. SOCs must transform to meet today’s new realities. By embracing the elements of “anywhere security operations,” which include increased use of cloud-native, collaboration, and automation technologies – as well as greater focus on transforming culture – SOCs can succeed in this new paradigm.
Amos Stern, co-founder and CEO, Siemplify