In an era where CISOs grapple with massive amounts of data, complex threats, and automation in security operations, they need adaptive strategies and a solid foundation to maintain a strong security posture.
In episode 78 of The New CISO, Exabeam CISO and seasoned security operations expert Tyler Farrar discussed these challenges and effective ways to address them. This blog post covers Tyler’s insights, focusing on the key areas that CISOs should be aware of in order to stay ahead in this rapidly changing field.
In this article:
- Security operations challenges
- The importance of behavioral detection
- The benefits of Outcomes Navigator
- Fostering a culture of communication and risk awareness
- Conclusion
Security operations challenges
Tyler explains that the disconnect between security operations teams’ needs and what security information and event management (SIEM) products deliver can be broken down into three fundamental challenges:
- The explosion of data volume
- The manual nature of cybersecurity processes
- The persistence of attacker techniques exploiting compromised credentials
Addressing these challenges requires CISOs to concentrate on three core capabilities:
- Scaling and controlling data through log management
- Implementing behavioral analytics and detecting attacker techniques
- Automating investigations into detected anomalies
Legacy SIEM solutions often fail to deliver these capabilities, resulting in security operations teams struggling to keep up with threats.
The importance of behavioral detection
Tyler notes that compromised credentials are the leading cause of breaches. Detecting abnormal behavior related to these credentials is the real challenge. While preventative measures like strong passwords and multifactor authentication are essential, he asserts that “if you don’t have the ability to detect when the behavior of the compromised account changes from normal, that’s how and why security breaches are happening.”
The benefits of Outcomes Navigator
Outcomes Navigator, an app now available on the Exabeam Security Operations Platform, visualizes gaps between the data sent to Exabeam and coverage for specific use cases — compromised insiders, malicious insiders, and external threats — mapping events to the MITRE ATT&CK® framework.
For each use case, a detailed view is available, showing:
- Related use cases within the same category
- Existing log coverage for each category
- The data sources supporting each use case
- How well those data sources are being parsed, analyzed, used in correlation rules, and visualized in dashboards supporting that use case.
Outcomes Navigator offers recommendations to improve use case coverage, such as:
- Identifying additional data sources for increased visibility
- Suggesting improvements in field parsing
- Ensuring that data sources aren’t unintentionally omitted due to filtering
Outcomes Navigator adds value to organizations by reducing costs, bringing in the right data, and enabling SOC teams to resolve investigations more quickly and efficiently. Tyler is a strong advocate for the tool, having contributed to its development and using it daily as a CISO. He considers it a game changer, explaining, “Exabeam uses the ATT&CK framework to show gaps — or lack thereof — across every single threat actor tactic, technique, and procedure out there.”
Fostering a culture of communication and risk awareness
Tyler also emphasizes the importance of cultivating a culture of communication and risk awareness within an organization. Security leaders must be able to openly discuss the organization’s security capabilities and hold decision makers accountable. Implementing a common metrics model can help CISOs achieve this goal by gathering relevant evidence, transforming it into business risk, and reporting findings to leadership, highlighting gaps and providing assurance.
Conclusion
Tyler’s insights offer valuable guidance for CISOs navigating today’s complex cybersecurity environment. By focusing on behavior detection, automating investigations, and fostering a culture of empowerment, CISOs can protect their organizations from threats and maintain a strong security posture. By aligning with both adversaries and defenders, CISOs can transform their organizations, creating a culture of risk awareness and collective responsibility.
Listen to the Podcast
Success in security operations hinges on staying agile, informed, and proactive. To dive deeper into the discussion with Tyler Farrar and explore current challenges and solutions for CISOs, listen to the episode or read the transcript.
Similar Posts
Generative AI is Reshaping Cybersecurity. Is Your Organization Prepared?
British Library: Exabeam Insights into Lessons Learned
Beyond the Horizon: Navigating the Evolving Cybersecurity Landscape of 2024
Recent Posts
What’s New in Exabeam Product Development – March 2024
Take TDIR to a Whole New Level: Achieving Security Operations Excellence
Generative AI is Reshaping Cybersecurity. Is Your Organization Prepared?
Stay Informed
Subscribe today and we'll send our latest blog posts right to your inbox, so you can stay ahead of the cybercriminals and defend your organization.
See a world-class SIEM solution in action
Most reported breaches involved lost or stolen credentials. How can you keep pace?
Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.
Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.
Get a demo today!