SBN

Building a Better SOC Based on What We Learned in 2020

Now that 2020 is officially in the history books, the world has begun to come to terms with just how historic the year’s events have been. Together, we have faced unprecedented challenges while battling a global pandemic, gone through a great deal of political upheaval, and have learned how to navigate a constantly evolving technological landscape, including new models for how we work and entertain ourselves remotely. 

Each of these significant challenges has been impacted at a high level by a cybersecurity landscape that has had to balance keeping the world connected safely across increasingly taxed networks with protecting against a new and growing crop of bad actors who have been waiting for an opportunity like 2020 for decades. 

Every network vulnerability opened new opportunities for hackers to infiltrate systems, steal data and wreak havoc. Several notable security incidents have left governments, private organizations, medical systems and large enterprise networks reeling. Many of these entities have discovered that their security plans are simply not up to the task of mitigating modern cybersecurity threats. 

Let’s dive into a few of the prominent network security breaches that offer lessons we can apply as we look ahead to 2021 and beyond. 

The Russian Hack of U.S. Federal Agencies

In December, news broke that the email systems of multiple U.S. federal agencies had been breached by hackers. The Treasury and Commerce Departments both reported attacks that potentially put incredibly sensitive government information into the hands of adversaries — the Department of Homeland Security suspects Russia is behind these incidents. It is hard to overestimate the potential significance of this attack, given the nature of the data that hackers may have accessed. 

Adversarial AI has become more common over the past several years. Most companies don’t manage information quite as highly sensitive as federal government data, but this incident is a timely reminder of the potential impact adversarial AI can have on any network. Through a common vulnerability —  breaking into the periodic automatic updates of the SolarWinds software — hackers were able to essentially trick Microsoft, Google and other providers about the identities of their computer systems, remaining undetected for months. 

Marriott Hotel Personally Identifiable Information (PII) Breach

The enormous Marriott hotel chain reported the loss of the personal details of more than five million guests in 2020. The names, addresses, phone numbers, birthdates and airline loyalty details were stolen by bad actors, likely with the intention of reselling the information and tracking the travels of government officials and business leaders. 

Similar to the U.S. Government email breaches, the Marriott breach occurred through relatively simple means — login credentials of employees at a single franchised property.  A similar attack occurred in 2018, but on an even wider scale. 500 million Marriott Starwood guest accounts, including passport and credit card numbers, were breached through unauthorized access, making this one of the largest known data breaches in history. 

Zoom Breaches

Zoom had a moment in 2020, rising in popularity as businesspeople and students throughout the world turned to the service for meetings and classes they could no longer have in person thanks to the COVID pandemic. Unfortunately, the company appears to have been woefully unprepared for the increased attention. 

Zoom experienced several notable security incidents throughout the year, including 500,000 user accounts that appeared for sale on a dark web forum. Hackers grabbed the account information by using user IDs and passwords that had been exposed in previous breaches, a tactic known as credential stuffing. 

Once inside, hackers gained access to sensitive personal and corporate information. Additionally, because Zoom codes were easy for hackers to guess, they could join meetings without an invitation and interrupt or share inappropriate materials, an activity that became known as Zoom bombing. 

U.S. Hospital Breaches

Five U.S. hospitals were targeted through major ransomware assaults in early 2020, resulting in a significant loss of sensitive data and tens of millions of dollars. These attacks resembled attacks that have been occurring with more frequency over the past few years. 

Ransomware attacks spiked by at least 50 percent during 2020, and healthcare organizations, in particular, have been targeted more often. Other frequent targets include manufacturing, the software industry, government, military, insurance and legal firms. 

One potential reason for the rise in ransomware attacks is the prevalence of ineffective, legacy rules-based systems being used to protect modern systems. Today’s hackers have become much more adept at bypassing these rudimentary systems. 

Looking Ahead

It has become clear that organizations will need to invest in single, purpose-built platforms to thrive as modern SOCs in 2021 and beyond. Yesterday’s security solutions are failing at increasing rates, and the associated data losses represent millions of dollars in revenue losses, the deterioration of public trust and a persistent issue that will not resolve on its own. At the highest levels, a new SOC approach is in order. 

Advantages of the Modern MixMode-Driven SOC

Modern threats require the modern solutions organizations can access through the MixMode platform. 

Single Purpose-Built Platform

Organizations stand to benefit significantly from a single platform that centralizes the benefits of network traffic analysis (NTA), network detection and response (NDR), security incident and event management (SIEM) and user behavior analytics (UBA). 

Data and Feed Agnostic Benefits

MixMode’s advanced threat and anomaly detection operates effectively and independently regardless of data format and type. SOCs can identify threats and anomalies in network traffic, log, API, time-series, cloud data and more. 

Predictive Threat and Anomaly Detection

MixMode uses third-wave AI to deliver constant network monitoring, identifying patterns and creating a generative baseline of expected network behavior. Should anomalous activity occur, the platform automatically detects and surfaces threats in real-time.

Deep Forensic Investigation Capabilities

Unlike legacy SIEM systems, MixMode offers full search and investigation capabilities without the requirement to store data in a third-party proprietary format. 

Ultra-Fast Deployment

In less than a day, MixMode can be fully deployed across an organization’s network, including hybrid networks with a mix of cloud-based and on-prem data storage. Traditional NTA, NDR and SIEM platforms can take months or even years to deploy. 

Enhance Your SOC with MixMode 

While this has been a sobering year for SOCs on many fronts, we have the advantage now to look back at what’s gone wrong and apply those lessons to a better plan for the future. 

Effective, next-generation SOCs must embrace comprehensive, smarter solutions that harness the power of predictive, self-learning AI in centralized systems that connect legacy data stores with network solutions that seemed futuristic only a few years ago. Cloud computing, BYOD and IoT-enhanced networks, edge computing and traditional on-prem servers can be monitored and kept safe with solutions like the MixMode platform. 

Learn more about MixMode and set up a demo today. 

MixMode Articles You Might Like:

MixMode Named a 2021 Best Tech Startup in Santa Barbara

SOAR: The Acknowledgement That All Of Your Cybersecurity Platforms Have Failed

CPO Magazine: Proactive vs Responsive AI: Which One Protects Against Major Modern Adversaries in Cybersecurity?

A Utility Company’s Barriers to Successful Network Oversight

Innovation During a Crisis: A story of PIE and Ice Cream

Our Top 2020 Cybersecurity Insights

*** This is a Security Bloggers Network syndicated blog from MixMode authored by Christian Wiens. Read the original post at: https://mixmode.ai/blog/building-a-better-soc-based-on-what-we-learned-in-2020/