Achieving Warp Speed: Making Sure Your Security Infrastructure is Up to Snuff Will Supercharge Your Incident Responses

When James Kirk found his beloved starship Enterprise unresponsive at a moment in which he and his crew faced seemingly hopeless odds, he would press the communication button on his captain’s chair and bark something at his chief engineer like, “Scotty, we need warp speed in 3 seconds or we’re all dead!”

In many ways, Captain Kirk was speaking for future cyber security leaders everywhere. Granted, odds are that no one’s physical life is in danger when a security breach occurs, but the threat to people’s finances and privacy is real, and the stakes are unmistakably high.


Just as Kirk sometimes discovered that the Enterprise was less than ready to respond at key moments, today’s security decision makers often find themselves saddled by sluggish or unresponsive infrastructures as they face critical real-time decisions.

And just as Kirk needed the Enterprise’s engines to operate as expected in those moments, CISOs need their security infrastructures to support the real-time response capabilities required to mitigate cybersecurity incidents.

Which brings us to this question: Is your cyber security infrastructure ready to perform at those critical moments when a security breach is morphing into something much worse?

According to a recent Forbes Insights survey, the answer appears to be a resounding “no.” Forbes polled more than 1,000 security professionals and found that 75 percent are less than satisfied with the speed at which they’re able to resolve security issues.

What’s more, respondents indicated that the inability to respond to (and resolve) an incident quickly enough exposes a gap in their employers’ security postures.

Being able to quickly launch a digital forensics effort that provides the data needed to determine the correct response is a critical component of an effective security program. How much time elapses between being alerted about an incident and taking action can make or break the success of an attack.

This post from Cyber Triage argues that not being able to rapidly collect data on a security incident can give intruders the time they need to make off with more data, delete key evidence, or, potentially even more damaging, entrench themselves for a longer-term breach.

Two of the prevalent strategies for speeding up this forensics processing, continuous monitoring and automated collection, both rely on infrastructures that are firing on all cylinders in order to provide real-time insights about ongoing breaches. The old adage about only being as strong as the weakest link applies here.

To help ensure that an organization’s infrastructure can give its cybersecurity team an edge, Forbes recommends a few strategies that are sure to speed up the performance of that infrastructure:

- Establish a software-defined approach to application development. Doing so seamlessly folds security testing into the building of applications and thus provides a much clearer path to figuring out how and where a breach may have started.

- Manage your application environment in the cloud. This makes it possible to take advantage of improved visibility, agility and consistency. Companies that do this find they have more resilient infrastructures that are easier to debug. (The Forbes survey found that one-third of organizations with robust security operations put their endpoint detection and response solely in the cloud.)

- Make use of artificial intelligence. Let’s face it: security teams are overwhelmed. There’s too much flying at them to keep up with, and by combining AI with automated response tools, an organization can greatly speed up its patching process. Bonus: Not only does this reduce patching costs and increase efficiency, it also frees up security personnel to focus on other critical tasks. What’s more, AI and machine learning can add more punch when used to assign risk scores to incoming alerts, thereby reducing the time needed to determine whether an incident needs to be escalated.

Look at it this way: If you’re captaining your organization’s security operation, and you find yourself under siege from an unknown attacker, do you want your Enterprise to have warp drive immediately available, or would you rather find yourself barking at a lieutenant to miraculously save the day?

The latter may be more theatrical, but whereas Captain Kirk was trying to save fictional lives, you’re protecting real and valuable assets. Leaving that in the hands of a sluggish infrastructure tells everyone from customers to future attackers that you just don’t care, and that’s not the message you want to be sending anyone.

*** This is a Security Bloggers Network syndicated blog from RSAConference Blogs RSS Feed authored by Tony Kontzer. Read the original post at: