Recently I had the opportunity to meet with cybersecurity pros at Spotlight 2018, Exabeam’s inaugural user conference. Whether speaking with a security leader, analyst, or insider threat program manager, the overarching theme is that change is a cybersecurity constant. And to be a cybersecurity expert in today’s environment requires leadership, agility, and knowledge.
Figure 1 – Exabeam CEO Nir Polak talking with security leaders and practitioners at Spotlight 2018
Five security trends stood out
- Securing the cloud
Many attendees were quick to say that their organization’s data is increasingly in the cloud. While most talked about their hybrid data center strategy, the emphasis was on moving more IT resources to infrastructure-as-a-service (IaaS) providers like AWS and Azure, as well as deploying software-as-a-service (SaaS) applications. Similarly, more of their data is either moving to the cloud and being shared between applications or is being created in the cloud (such as with Microsoft Office 365 or Google G Suite).
The maturity of cloud security and the ability to protect all data from both internal threats and external attacks varies by organization. In a recent report, only 35 percent of the most effective SOCs have adopted cloud access security brokers (CASB). And as few as 29 percent have adopted advanced network and cloud monitoring. Moreover, only 1 percent of professionals have cloud security as their primary job responsibility, though 28.5 percent list it as part of their responsibilities.
To build out their cloud security, many organizations can benefit by assigning clearer responsibilities to their team. They can implement a cloud security program. And, they can deploy technologies like CASB and advanced network and cloud monitoring; ingest cloud data feeds into their SIEM; and improve their remediation workflows for cloud incidents.
- Operationalizing security for the internet of things (IoT)
The deployment of internet-connected devices and assets on networks has skyrocketed—as have the associated security risks. At Spotlight, there was broad awareness that IoT networks need better protection.
Many attendees were implementing behavioral intelligence to monitor users for insider threats, while also looking to expand their program to include IoT. The main challenge was in staffing their IoT initiative. For many, IoT is being addressed on a “best-effort” basis—an extension of their existing security program—rather than as a separate program run with a new headcount. As a result, despite awareness of additional network vulnerabilities, some organizations have been slow to build out their IoT security programs.
- The staffing challenge
Hiring continues to be top priority, with 45 percent of organizations believing their SOC is understaffed. Much of the demand is being filled by freshly-minted cybersecurity talent personnel to their organizations; 45 percent have been at their present company less than two years.
Spotlight attendees readily discussed how, despite rapid security team expansion in 2018, many positions remain open. Compounding the issue, most organizations are projecting more budget to grow their security teams in 2019. Many attendees were also improving the productivity of their existing staff with technologies to automate and assist threat hunting and remediation.
- A proliferation of attack vectors
Many report dealing with attacks that extend beyond traditional malicious files. While those threats continue to grow, attendees discussed the proliferation of zero-day attacks (a unknown software vulnerability) and cyberattacks that target specific organizations. Attendees also pointed to the ongoing threat of ransomware and fileless attacks.
MITRE’s ATT&CK knowledge base and model for cyber adversary behavior was cited several times as being very useful for understanding security risks.
Fortunately, leading security management technologies have evolved to help threat hunters meet these new challenges. Nevo Laron, Exabeam’s Sr. Director of Global Customer Success, discussed how to detect and investigate pass the hash attacks in his technical workshop on building custom use cases.
Security programs are also evolving to better mitigate insider threats. A panel of Deloitte leaders shared their strategies on building an insider threat program that is part of an overarching risk program.
- Security in the world of big data
A theme that permeated all discussions is the challenge of managing the vast amounts of data being collected and analyzed by security analysts.
Figure 2 – The big data challenge: Analyzing the vast number of security
logs to ensure valid security tickets are created and investigated
Since Exabeam’s next-gen security management technology enables organizations to protect their most valuable information, managing and analyzing vast data amounts was a unified thread across many Spotlight presentations.
In “Transforming Security Operations with Modern Analytics,” Don Sheehan, Director of Cyber Defense Solutions at Grant Thornton, addressed how fundamental security technology stack changes are driving a shift from traditional SOCs to cyber defense centers. And many speakers shared how Exabeam’s Security Management Platform combines unlimited log data collection, advanced behavioral analytics, and automated incident response to collect, detect, and respond to security threats.
As the saying goes, “May you live in interesting times.” Exabeam’s Spotlight 2018 reinforced the notion that, for today’s security experts, life is far from dull.
To learn more about cybersecurity trends, download the Exabeam 2018 State of the SOC Report.
,3 Exabeam 2018 State of the SOC Report
,4 Exabeam 2018 Cyber Security Professionals Salary and Job Report