The New CISO Ep. 78: Bridging the Effectiveness Gap: A CISO’s Perspective on New-Scale SIEM with Tyler Farrar
Podcast Transcript | Air Date November 3, 2022
Meet Tyler (2:06)
Host Steve Moore introduces our guest today, his colleague, Tyler Farrar. Before working at Exabeam, Tyler was a customer.
With his impressive background in the security field, Tyler explains Exabeam’s perspective on “defender behavior” and balancing incident response and crisis management with prevention.
The Focus On Prevention (5:50)
Steve presses Tyler on how you should balance your methods to increase prevention. Tyler lists different preventative tools, such as firewalls, and stresses the importance of detecting suspicious activity early on.
Tyler gives his take on how response becomes prevention in crisis management. Preventative tools can fail, so being able to detect suspicious behaviors is critical.
Addressing The Gap (10:36)
Addressing the gap in analytics, Tyler recognizes that there is a difference between what the security team needs and what the SIEM product delivers.
Every company faces an immense volume of data, an inefficient manual cyber process, and software that can fail to detect the attacker’s behaviors. Tyler lists the solutions that can counteract these problems, including behavioral analytics.
The Rise Of Malware-Free Attacks (14:32)
Steve points out how 71% of cyber-attacks are credentialed and malware-free. Tyler explains that attackers use the compromised credentials approach because it is easy. CISOs can miss the mark because legacy software can be ineffective at detecting threats.
New-Scale SIEM (20:43)
According to Tyler, new-scale SIEMs would be able to securely ingest data from anywhere, parse through that information quickly, and then store that information and make it searchable.
Tyler also explores his philosophy on how to design a SOC. One example of a productive SOC is conducting risk assessments throughout the organization to identify gaps and then acting on those results.
Life Of The Analyst (28:52)
Steve presses Tyler on how the experience of the investigation factors into meaningful work for the analyst.
Tyler stresses the importance of SOC leadership to make the team effective. A stressed SOC can lead to the loss of talented workers and affect the company’s security.
New Software Ahead (33:16)
Tyler discusses the products he is looking forward to on the horizon. Every CISO’s goal is to keep their company safe. Being able to show the threats and the vulnerabilities in place would be hugely valuable, which is why Tyler is interested in Systems Navigator.
SOC Philosophy (49:55)
Tyler’s top SOC philosophy is to be aligned with your adversaries and learn how they think in addition to your defenders. Understanding both perspectives can create a culture of empowerment and protect the organization from threats.
Links mentioned: