
How The Best Defense Gets Better: Part 2

For many enterprises, incident response is an exercise in chaos. Security teams scramble to figure out how a data breach happened and crash into brick walls as they try to collect information from different departments that are often siloed from everyone else.

It doesn’t have to be that way. Advanced security teams have learned that the saner, more effective approach to incident response is based on:

  • Constantly practicing how to respond to a variety of attacks
  • Proactive maintenance of systems
  • Teamwork based on information sharing across company departments
  • Well-integrated tools

This week, Enterprise Security Weekly sat down with Stephanie Aceves, Senior Director, Threat Response SME Lead at Tanium, to discuss where to start when building an effective threat response plan and how Tanium can help — not just with investigation and remediation, but also with preparation, internal cross-team collaboration, and tabletop exercises that help security teams prepare for what may come.

“Knowledge sharing is one of the most important resources we have in the cybersecurity space,” Stephanie said. “I just spoke to a high school student who is interested in learning about cyber. I kept telling her, ‘…you’re never going to know all the things and that if you’re the expert in the room, you’re in the wrong room.’”

This continues a discussion we began last month with Tanium’s Lead Enterprise Services Integration Engineer, Russell From, about the key ingredients and order of priorities for a holistic security program. He stressed the importance of starting with identification and protection — just as the National Institute of Standards and Technology (NIST) recommends in its Cybersecurity Framework (CSF). By starting with identification and protection, you can detect and respond better. Russell outlined how to do it using the Tanium Platform.

Tanium provides high-fidelity data to inform critical IT decisions. Using a single agent, single console and zero intermediate infrastructure, organizations can query millions of endpoints in seconds and leverage that data to drive workflows spanning multiple domains in IT, including security, operations, risk and compliance.

To learn why the best security teams rely heavily on Tanium to get smarter, faster and better in responding to threats, and how your organization can do the same, watch the demo on Enterprise Security Weekly here, watch part 1 here, or visit securityweekly.com/tanium for more information.

Register and watch Tanium’s on demand webcast, How to Implement Cloud Security That Actually Works: Lessons From the Front Lines, here!

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
