Author: SarweshwerGupta

Next-generation Security Operations Centers | Blog

The rapid pace of digitalization has increased enterprise exposure to a diverse and evolved range of cyberattacks. However, many enterprises make security an afterthought rather than a part of their digital transformation journey. While making their businesses resilient has always been a daunting task, the COVID-19 pandemic has only added to their woes. A global shift toward remote working and the sudden expansion of the enterprise perimeter have contributed immensely to enterprise challenges.

Here’s a quick snapshot of some high-level security-related challenges that enterprises will continue to face in 2021:

[Exhibit: snapshot of high-level security challenges enterprises will continue to face in 2021 (image not reproduced)]

To overcome these challenges, which are associated with speed and scalability of security services delivery, enterprises rely on security operations centers (SOCs) to monitor systems and defend against breaches. As the frequency and severity of breaches continue to rise, traditional SOCs and Security Information and Event Management (SIEM) systems based on signatures and rule-based automation are quickly becoming obsolete, as they make it immensely difficult for security analysts to stay on top of internal and external threat-related data.

Consequently, SOCs need to transition to an “Aware” state that is underpinned by cognitive capabilities that help detect, prevent, and resolve incidents at scale to keep pace with evolving adversaries.

What is Aware SOC?

Simply put, an Aware SOC is underpinned by next-generation SIEM and cognitive technologies – AI and ML along with decision automation – to deliver intelligent security operations. The Aware SOC is built on a single platform that seamlessly integrates solutions from multiple vendors to augment existing capabilities. Designed to secure distributed enterprise architecture, an Aware SOC brings together the best of human + machine capabilities to help enterprises fight against the rising tide of sophisticated cyberattacks.

The table below shows how enterprises should think about an Aware SOC as an amalgamation of best-of-breed technology and talent:

[Exhibit: the Aware SOC as an amalgamation of best-of-breed technology and talent (table not reproduced)]

Security operations done right: Moving to a platform-driven Aware SOC

The pandemic has been a major change agent for enterprises, significantly impacting their security operations. To incorporate speed and scalability in their security operations, enterprises are now re-thinking their SOC architecture. The platform that an enterprise chooses for its security operations has started to become a pivotal element of its overall security infrastructure, becoming the de facto operating system for other point-based security tools. The shift to a platformized cloud-first approach, underpinned by SaaS-based tools for monitoring, threat hunting, vulnerability assessment, and incident resolution is expected to be the springboard of security transformation for medium and large enterprises.

Here’s our view of an architecture for a platform-driven Aware SOC:

[Exhibit: architecture for a platform-driven Aware SOC (image not reproduced)]

Enterprises can find significant value in a platform-driven Aware SOC, which breaks systems down into building blocks and brings in modularity that allows them to scale and manage security controls across environments. The elements of the platform, spanning the data lake and network traffic analysis, also give enterprises enriched insights into their existing and to-be security estates.

Advantages of investing in a platform-driven Aware SOC

Investing in an Aware SOC is a highly strategic decision. Beyond economic benefits, a platform-driven Aware SOC produces a number of other benefits, including speed, scalability, resiliency, and efficiency. The benefits discussed below are not an all-encompassing list but instead a starting point for exploring the benefits of investing in a platform-driven Aware SOC:

  1. Automated security across the enterprise IT estate – ingest alerts across multiple environments and execute automated workflows/playbooks to speed up incident response
  2. Break team silos – playbooks for real-time collaboration capabilities that enable security teams to solve for existing and new threats and breaches
  3. Expedite incident investigations – enables standardized response for high-volume attacks such as DDoS attacks, and also helps security analysts adapt to sophisticated one-off attacks

Whether an enterprise is thinking of outsourcing security operations or bolstering them internally, it needs to future-proof its overall cybersecurity strategy. While charting the broader cybersecurity strategy, an enterprise needs to keep a firm sight on its short-, mid-, and long-term business goals. This is where a platform-driven Aware SOC can help. A platformized approach to Aware SOC that stitches the entire security fabric together will go a long way in ensuring that the enterprise’s cybersecurity strategy aligns with business goals such as speed, scalability, and resilience.

Follow this space for more blogs on cybersecurity. Meanwhile, please feel free to reach out to [email protected] and [email protected] to share your experiences and ask any questions you may have.

Self-aware Data – Securing Data across its Life Cycle | Blog

Increasingly costly data breaches in recent years have shown the importance of data protection and privacy in the age of the data economy. While organizations have accelerated their pace in adapting to the increased levels of security and data sharing, much still needs to be done. IBM’s 2019 Cost of a Data Breach Report showed that the global average cost to an organization of a data breach was US$3.92 million, a 12% increase over five years. The latest attack on the European Medicines Agency (EMA) – in which hackers successfully penetrated and stole important information regarding the COVID-19 vaccine – is just one of the many examples of ever-increasing cyberthreats.

Where are the gaps?

Indeed, the key ways in which organizations still fail to secure data – even after so many advances in cybersecurity – have been highlighted by the rising number of data breaches during the COVID-19 pandemic, including such examples as:

  • Organizations secure the transport layer in which data is transferred rather than securing data itself
  • The controls and policies lie within an organization’s IT estate rather than with the data owner
  • There is a lack of centralized visibility into data movement and assets across the organization
  • It takes too much time and effort to implement policy changes across the organization
  • Employee awareness of, and preparedness for, security is generally the weakest link in cyber defense; a majority of breaches can be traced back to human negligence

Moving toward self-aware data

This situation is precisely where self-aware data can help. Self-aware data refers to data that is intelligent and can protect itself from intrusions. Each piece of self-aware data can defend itself at any place, continuously, during its lifespan and does not rely on securing the communication tunnel, which is the common security method. The approach is based on democratizing data security, which includes a process by which the data owner sets up policies related to accessing their data. It treats the root cause of data loss rather than the symptoms.

Let’s take a closer look at how organizations can implement self-protecting, self-aware data:

  • Focus on data rather than the communication channel – The core focus should be on securing data. A wrapped layer of security protocols across data enables the user to freely send the data across media without the worry of data loss. The data owner sets these protocols, and only users who meet these protocols can access the data.
  • The owner controls the data asset throughout its life cycle – Once the owner creates the data and establishes access-related policies, that owner should have complete control of the data until it is deleted. Even if copies are made on any devices or stored across locations, the owner should be able to control the files with the same policies.
  • Seamless data movement and interoperability across platforms – Self-aware data needs to be operable across platforms, devices, applications, operating systems, cloud services, and data centers. It must be universally deployable and interoperable to provide real-world protection across today’s diverse environments.
  • Built-in log analysis – Organizations need to implement built-in log analysis across the data life cycle, from creation to storage, until destruction. Self-aware data should be able to provide proof of possession, custody, and control. It needs to provide this information back to its owner for every copy or instance from anywhere.
  • Ability to upgrade policies on the fly – To adapt to the dynamic cybersecurity regulations, owners should have the feature set to apply any new policy regulation across all files at any time.

Future-proofing data

In a rapidly changing digital world, there is also an increasing need to future-proof intelligent data. We thus recommend the following actions to safeguard self-aware data from the next-generation threats of AI-/ML-powered cyberattacks:

  • Implement geo-fencing and geo-location capabilities – Such policies can ensure that the data stays within the organization’s geographical presence, which is especially helpful as we increasingly see a rise in hacker groups from specific geographies.
  • Detect and safeguard related data pieces – Organizations should also ensure that the protection rules or protocols are able to replicate themselves wherever that data or any part of it flows. For example, if the protocols allow certain users to access an Excel sheet containing a sales data table, these protocols should be replicated automatically if any row of that sales table is used in any other document or Excel file to ensure end-to-end data safety.
  • Foolproof data against any augmented intelligence approach – Data masking and Generative Adversarial Network (GAN)-based techniques to generate synthetic data have been a boon for training AI/ML models. Self-aware data, if masked or even synthesized to generate new synthetic data, should be able to recognize the base parent file and initiate the same set of protocols on the new files created.
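The owner-set policy that travels with the data (the first two implementation points above) and the geo-fence from the future-proofing list can be combined in one self-describing envelope. The Go program below is an added example, not code from the original post or from any product; its Policy and Envelope schema, the use of AES-GCM to bind the policy to the data, and the in-memory key (standing in for a key service the owner controls) are all assumptions. The point it makes is that a copy whose policy has been edited does not merely get denied, it fails the integrity check and never decrypts.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Policy is written by the data owner and travels with every copy of the data.
// Field names are hypothetical; real products define their own schemas.
type Policy struct {
	Owner   string          `json:"owner"`
	Readers map[string]bool `json:"readers"` // who may open the data
	Regions map[string]bool `json:"regions"` // geo-fence: where it may be opened
}

// Envelope is the self-describing object that is stored, copied or mailed.
// The policy bytes are bound to the ciphertext as AES-GCM associated data, so
// a copy whose policy was edited fails the integrity check and never opens.
type Envelope struct {
	Policy     json.RawMessage `json:"policy"`
	Nonce      []byte          `json:"nonce"`
	Ciphertext []byte          `json:"ciphertext"`
}

// Requester holds the attributes presented at access time (in a real deployment
// they come from an authenticated identity and a trusted location source).
type Requester struct{ User, Region string }

var ErrDenied = errors.New("policy denied access")

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16-, 24- or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal wraps plaintext with the owner's policy. The key stands in for a key
// service the owner controls; it never travels inside the envelope.
func Seal(key []byte, p Policy, plaintext []byte) (Envelope, error) {
	pb, err := json.Marshal(p)
	if err != nil {
		return Envelope{}, err
	}
	g, err := aead(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{Policy: pb, Nonce: nonce, Ciphertext: g.Seal(nil, nonce, plaintext, pb)}, nil
}

// Open first proves that policy and data are exactly what the owner sealed,
// then enforces the policy; plaintext is released only when both checks pass.
func Open(key []byte, env Envelope, r Requester) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	pt, err := g.Open(nil, env.Nonce, env.Ciphertext, env.Policy)
	if err != nil {
		return nil, fmt.Errorf("policy or data tampered: %w", err)
	}
	var p Policy
	if err := json.Unmarshal(env.Policy, &p); err != nil {
		return nil, err
	}
	if !(p.Readers[r.User] && p.Regions[r.Region]) {
		return nil, ErrDenied
	}
	return pt, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	p := Policy{Owner: "alice", Readers: map[string]bool{"bob": true}, Regions: map[string]bool{"EU": true}}
	env, err := Seal(key, p, []byte("row 7 of the sales table")) // constructed sample data
	if err != nil {
		panic(err)
	}
	_, err = Open(key, env, Requester{User: "bob", Region: "US"})
	fmt.Println("bob from US:", err) // denied by the geo-fence
	pt, _ := Open(key, env, Requester{User: "bob", Region: "EU"})
	fmt.Println("bob from EU:", string(pt))
}
```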

When combined with a zero-trust architecture, self-aware data can act as an invulnerable armor for the valuable data assets that organizations possess. To capitalize on the opportunity, some startups have already started work on tools and solutions to enable self-aware data in the hopes of making data breaches irrelevant.

If you have any questions regarding how self-aware data can help secure your existing data landscape or would like to share your inputs on the broader cybersecurity landscape, please write to us at [email protected] and [email protected].

Digital Trust – the Key to Secure Customer Engagement and Stickiness | Blog

In an age of pervasive cyberthreats and attacks, enterprises increasingly realize that ensuring trust and privacy is vital in the customer journey. In fact, CXOs now view cyber risks as business risks that can prevent them from establishing strong customer relationships, and they are proactively trying to find ways to address privacy or security gaps in their customer engagements.

In this context, the goal of digital trust is to instill confidence among enterprise customers, business partners, and employees in an organization’s ability to maintain secure systems, infrastructure, and perimeters, as well as to provide a secure, reliable, and consistent experience. Today, digital trust underpins businesses’ success directly by creating confidence among customers and other stakeholders.

Users at the core of digital trust

Establishing digital trust goes beyond the creation of a secure application or enforcement of stringent regulations to avoid cyberattacks. It is about leveraging the right combination of tools and technologies to create a superior digital experience for users that not only protects their privacy but also exceeds their service expectations.

To create such an unparalleled and smooth user experience through their digital transformation initiatives, enterprises should ensure and embed digital trust seamlessly in their processes and systems. Organizations need to understand that they can achieve 360-degree trust only if they keep the user at the center of digital transformation initiatives and build enterprise security controls around user attributes such as device, data, applications, and user environment.

To make digital trust a reality, enterprises should comply with privacy regulations to have the right data security controls across environments, employ usage-based security controls across the IT estate, provide secure access to user devices, understand user behavior through behavior and entity analytics, and monitor user activity to create secure access across applications, devices, and networks.

Building digital trust the right way

In a 2019 Everest Group survey of 200 CIOs, about 71% said they believe that they lacked centralized visibility across their IT estate, almost 42% said they were unable to measure and quantify end user experience, and 53% were unable to leverage essential technologies to improve end-user experience. About 70% of enterprises still lacked the capabilities of a unified threat detection system to prevent, detect, and manage unknown threats. These figures point to the glaring gaps in enterprises’ IT security infrastructures and understanding of their users’ experiences.

The concept of digital trust ties together business objectives and business resilience goals and ensures that the right user with the right intent is granted the right set of access and permissions for the right purpose. To build digital trust among users, organizations need to consider specific action items for different cybersecurity segments to create 360-degree digital trust, as outlined in the exhibit below.

[Exhibit: action items by cybersecurity segment for creating 360-degree digital trust (image not reproduced)]

Instead of implementing discrete security controls across the organization, enterprises need to take a holistic, outcome-oriented approach to cybersecurity. When organizations approach cybersecurity with the objective of creating a seamless user experience, it facilitates a sense of mutual and complete trust.

Digital trust in the age of COVID-19

The COVID-19 pandemic has led to a massive shift from offline to online channels. Such digital business extensions have created unprecedented security concerns worldwide. Users are concerned about the security of their private data and how organizations handle it. To build trust, enterprises must focus on building an empathetic and secure organization. If they can get this right, they will be able to win customer loyalty and trust, thereby laying the foundation of a future-proof sustainable business. As the world fights the pandemic, digital trust could well be the glue that binds customers to them.

To learn more about the need to think of IT security as the key enabler of digital trust among users and customers, please see our latest report, Digital Trust – The Cornerstone of Creating a Resilient and Truth-based Digital Enterprise. You could also reach out to us directly at [email protected] or [email protected] to explore this concept further.

Taking a Value Chain-led View to Secure Healthcare Enterprises | Blog

Between 2018 and 2019, the US healthcare industry experienced a five-fold increase in patient data breaches, with hacking accounting for more than 88 percent of them. More than half of the targeted entities were healthcare providers, primarily due to inadequate investments in cybersecurity and the negligence of unsuspecting employees.

Patient data is sacrosanct for the healthcare industry given its highly sensitive nature. In fact, patient Electronic Health Records (EHRs) are priced 10 times higher than credit card information on the dark web. Given that healthcare data is a lucrative target for cyber attackers, healthcare CXOs need a guided approach to secure their patients and enterprises against cybersecurity threats.

A value chain-led view of cybersecurity

Healthcare enterprises are becoming increasingly vulnerable to attacks as patient-centric care takes center stage and care delivery models such as mHealth and remote monitoring become commonplace. So, they must identify their crown jewels – patient data, care delivery applications, and medical devices, among others – across the value chain and allocate their cybersecurity investments accordingly. To do so, they need to contextualize threat intelligence, understand attackers’ behavior and intent, and make appropriate investments in cybersecurity to increase preparedness and reduce response time in the event of a breach.

Stress-testing the value chain-led view

To hack-proof their estates, healthcare enterprises need to adopt a value chain-led view to identify and alleviate cybersecurity concerns across four areas:

  • Patient engagement: Patient care starts as soon as a patient is made aware of a health condition. To prevent any patient data leaks, healthcare applications must be HIPAA-compliant, designed with patient privacy at the center, and have strong identity and access management controls.
  • Care/case management: The primary activities in care/case management are appointment scheduling, remote consultations, and mHealth application use, for which physicians need access to sensitive EHR data. It’s important to incorporate patient identity verification and data security layers for EHR access, as well as to build in network and endpoint security protocols to protect EHRs and devices connected to them.
  • Diagnostics, treatment, and monitoring: As medical devices increasingly connect to the provider network, malware attacks aimed at halting care operations threaten to disrupt hospital functioning. Healthcare enterprises can strengthen their endpoints by adopting malware protection, endpoint detection and response solutions, and device management software. Additionally, providers need to prevent unauthorized access to their systems.
  • Financials and network management: Providers should also invest in data and network security to make sure all patients’, payers’, and banks’ financial transactions are safe and secure.

Here’s an example of how a healthcare provider can prioritize its IT security investments in accordance with its business priorities by taking a value-chain view.

[Exhibit: digital healthcare provider enterprise, prioritizing IT security investments by value chain (image not reproduced)]

Setting the wheels in motion

Once healthcare enterprises have identified what to do to bolster security across the value chain, they need to think about how to do it. We recommend a three-phased approach:

  • Prioritize: Enterprises need to prioritize their investments and chart out a strategic and technical implementation roadmap. Having a cyber architecture in place, along with a future security plan, will aid implementation.
  • Evangelize: Once implementation begins, providers should address internal risks and change management by combining a consultative approach with a sharp focus on managed services. They should ensure that all business units across the value chain are involved for a harmonized security view.
  • Protect at scale: They should also invest in talent, short-term detection, and long-term threat investigation capabilities across the value chain, as well as solutions contextualized for threat management.

A real-life example of the value chain-led approach in action

US-based Trinity Health adopted an enterprise-wide data security strategy in the aftermath of the WannaCry ransomware attack in 2017. It implemented an asset management plan to govern its connected devices and networks to improve its response to adverse events. It also instituted an event response team to isolate, contain, and deploy patches when threats were identified. Realizing that its employees could also be vulnerable targets, Trinity Health initiated exercises to help them recognize and respond to cybersecurity threats. And that’s not all; it also leveraged the National Institute of Standards and Technology (NIST) Cybersecurity Framework to redesign its procurement process, technology and security assessments, and supplier evaluation responsibilities to recover in case of actual emergencies.

In an industry committed to digital transformation and increasingly embracing patient-centric care, healthcare providers must devise a well-thought-out cybersecurity strategy to protect their crown jewels across the value chain. This is the only way they’ll retain patients’ trust, drive brand value, and ensure better outcomes for all stakeholders involved.

Aware Automation: An Enabler of Business-Centric Infrastructure | Blog

In today’s digital world, enterprise success is all about speed, agility, and flexibility in order to adapt to market and competitor dynamics. It is no surprise that 62% of enterprises view IT services agility and flexibility as a primary focus of their IT services strategy [1], with cost reduction seen as a derivative.

The digital businesses of today require a business-centric IT infrastructure that is agile, flexible, scalable and cost-effective. For a long time, IT infrastructure has taken up an inordinate amount of time and the lion’s share of precious resources (particularly financial). However, with new cloud delivery models gaining prominence and advancements in the underlying technology, business leaders now view IT infrastructure as an enabler of digital transformation — or at the very least, want to ensure that their IT infrastructure evolves to such a state.

Read the blog on IPSoft


Aware Automation: How Enterprises Can Capture Value | Blog

In a previous blog post, we explored the evolution of enterprise IT infrastructures from a cost-center positioning to one that enables digital transformation through a concept known as aware automation — a combination of intelligent automation and cognitive/Artificial Intelligence (AI)-driven automation. In this post, we’ll explore some potential use cases and best practices for aware automation within the enterprise.

Read more in our blog on IPSoft

Spotlight on Salesforce’s Acquisition of Tableau | Blog

On June 10, 2019, Salesforce announced an agreement to acquire Tableau, a leading interactive data visualization company, for US$15.7 billion in an all-stock deal. Here’s our take on it.

Strategic Intent behind the Deal

The announcement is a masterful move to aid Salesforce’s hyper growth agenda to become a US$28 billion company in three years’ time. In the past 15 months, Salesforce has accelerated the data pivot through its acquisitions of MuleSoft in March 2018 and now Tableau, for a combined value of $22.2 billion.

Given its ambitious topline growth goals, Salesforce has hedged its bet against a pure cloud play. Tableau, which is not a cloud company, runs most of its products on-premise, with over one-third of deployments in the cloud. However, last year, Tableau announced that its products will also be available on hyperscalers’ cloud platforms (AWS, Microsoft Azure, and GCP). Addressing the ubiquity of data in a modern enterprise and recognizing the transition in software consumption patterns, Salesforce is taking an “anytime, anywhere” analytics approach to cater to enterprises’ hybrid, cloud-first mandate.

In addition, Tableau’s strong performance against rivals including IBM Cognos, MicroStrategy, Oracle BI, and QlikView makes a strong case for the acquisition, given Salesforce’s big bet on its Customer 360 initiative and its broader foray into empowering clients with data analytics and visualization capabilities.

Enhancing the Data Analytics and Experience Pivot

Salesforce, a veteran in the CRM space, is repositioning itself as a digital experience (DX) platform, wherein it intends to become a one-stop, end-to-end solution for enterprises’ DX needs. It has been making strategic acquisitions over the years to plug in the gaps in its DX platform portfolio to achieve this goal.

[Exhibit: Salesforce’s acquisitions for its DX platform portfolio (image not reproduced)]

Because Tableau and Salesforce’s in-house analytics tool, Einstein Analytics, can easily interoperate, the company will be able to sell a well-packaged data analytics offering. Tableau’s niche capabilities in data analytics will not only deliver an improved data management solution but will also help enterprises form data-intensive strategies and optimize the overall stakeholder experience. And the acquisition gives Salesforce new up- and cross-sell opportunities, as enterprises will be able to purchase CRM and business intelligence (BI) capabilities from a single vendor.

Gaining a Full View of Enterprise Data

Looking at the timeline of Salesforce’s acquisitions, we see a strategic shift from targeting the digital marketing and commerce space toward enhancing enterprise data lifecycle management. Since 2018, Salesforce’s top deals have been to expand its coverage in the data and analytics space. Undoubtedly, the move has given Salesforce a shot in the arm when it comes to showcasing its capabilities across the data management value chain. Tableau sits atop its acquisitions, plugging in multiple outside data sources and offering an easy-to-use UI for data visualization.

[Exhibit: timeline of Salesforce’s acquisitions across the CRM and data management value chain (image not reproduced)]

Indeed, Salesforce’s acquisition of Tableau is a strategic next step after its 2018 acquisition of MuleSoft. While Salesforce leveraged MuleSoft to create a “Salesforce Integration Cloud” that allows different cloud applications to connect via APIs, Tableau can help it gain deeper insights into this data, in turn driving enterprises toward data-driven decision making.

Data Orchestration Meets Cognitive

We give a thumbs up to this deal, particularly for what it means to the market going forward. Why?

The move fits well with Salesforce’s agenda to move into machine learning-driven analytics. Essentially, it will now have a strong BI tool, underpinned by AI, that will democratize enterprise access to next-generation data modeling and analytics capabilities. A Tableau-integrated Salesforce Einstein Analytics offering should be able to deliver an intelligent, intuitive analytics and data visualization platform that leverages enterprise-wide data to help enterprise customers, employees, and partners with well-curated insights.

The Amazon Web Services Juggernaut: Observations from the AWS Summit India 2019 | Blog

Amazon Web Services’ (AWS) Summit in Mumbai last week made it clear that its trifecta juggernaut in customer centricity, long-term thinking, and innovation is giving other public cloud vendors a run for their money.

Here are our key takeaways for AWS clients, partners, and the ecosystem.

Solid growth momentum

Sustaining a growth rate in the mid-teens is a herculean task for most multi-billion-dollar businesses. But AWS has an annual run rate of US$31 billion and clocked in a 41 percent Y/Y growth rate, underpinned by millions of monthly active customers and tens of thousands of AWS Partner Network (APN) partners around the globe.

Deep focus on the ecosystem

Much of this momentum is due to AWS’ heavy focus on developing a global footprint of partners to help enterprises migrate and transform their workloads. Taking a cautious and guided approach to partner segmentation, it not only broke out its Consulting and Technology partners, but also segmented its Consulting Partners into five principal categories: Global SIs and Influencers, National SIs, Born-in-the-Cloud, Distributors, and Hosters. This is helping AWS establish specific innovation and support agendas for its partners to grow.

[Exhibit: AWS growth momentum, underpinned by an expansive global partner network (image not reproduced)]

This partner ecosystem focus is increasingly enabling enterprises to achieve real business value through the cloud, including top-line/bottom-line growth, additional RoI, lower cost of operations, and higher application developer productivity. And AWS’ dedicated focus on articulating business benefits such as operational agility, operational resilience, and talent productivity, along with the underlying tenets of the cloud economy, has helped it onboard more enterprises.

Cloud convenience will need an accelerated Outposts push

Enterprises are looking for cloud convenience, which often manifests in location-agnostic (on-premise or in the cloud) access to AWS cloud services. To bring native AWS services, infrastructure, and operating models to virtually any datacenter, co-location space, or on-premises facility, the company launched AWS Outposts at its 2018 re:Invent conference. Outposts is expected to go live by H2 2019 for Indian customers. Despite this, AWS is trailing on this front, playing catch-up to Microsoft Azure, which launched Azure Stack almost a year ago (and previewed a version in 2015). At the same time, AWS will have to educate its enterprise clients and ease their apprehensions about vendor lock-in as they adopt integrated hardware and software packages.

Helping clients avoid consumption fatigue

Shifting the focus toward AWS’ innovation agenda, the public cloud vendor launched over 1,800 services and features in 2018. As enterprises grapple with the rising number of tools and technologies at their disposal – which can lead to consumption fatigue – the way AWS helps them cope will differ by segment:

  • Large enterprises will often depend on system integrators to help them unlock value out of the latest technologies – AWS’ success in furthering the partner ecosystem will be crucial here
  • For SMBs, AWS will build on its touchpoints with the segment, something that Microsoft and Google already enjoy because of their respective enterprise productivity suites.

What’s next on AWS’ innovation front

There seemed to be a lack of development on the quantum or high-performance computing front. Client conversations suggested that clients are struggling to figure out the right use cases, depending on whether they need more compute and/or more data – something AWS can help educate them on.

Gazing into the enterprise cloud future

We do not believe enterprises will move their entire estates to the public cloud. Indeed, as they transition to the cloud, we expect the future to be decidedly hybrid, i.e., a mix of on-premise and public, as this approach will allow every organization to choose where each application should reside based on its unique needs.

To deliver on this hybrid need, product vendors are inking partnerships with virtualization software companies. And the services and product line-ups are piquing enterprises’ curiosity. To help stake its claim in this hybrid space, AWS Outposts does have a VMware Cloud option, which is AWS’ hardware with the same configurations but using VMware’s Software Defined Data Center (SDDC) stack running on EC2 bare-metal. But it will need to educate the marketplace to accelerate adoption.

The bottom line is that although AWS is facing some challenges on the competitor front – with Azure and a reinvigorated Google Cloud under Thomas Kurian – it is well positioned on account of a solid growth platform and ecosystem leverage, which it demonstrated at the 2019 India Summit.

Protect Yourself from Cyber-breaches: Digital Forensics and Incident Response | Blog

According to the Identity Theft Resource Center, a staggering 1,200+ breaches were reported in 2018. A breach can wreak havoc on a business, including – but not limited to – loss of revenue and reputational harm. And poor incident response can compound that damage, as demonstrated by breaches at Deloitte, Equifax, Uber, and Yahoo.

Some enterprises are recognizing the importance of being prepared and able to respond to attacks: 22 percent of respondents to a 2018 Everest Group survey rated “reduction in time/effort to detect, respond, and recover from breaches” as their top strategic priority in the next 12-24 months.

But given the dangers, 100 percent of enterprises need to think through and create an effective risk mitigation strategy. This is where Digital Forensics and Incident Response (DFIR) can be essential. Combining incident response with deep forensic analysis to collect and examine digital evidence on electronic devices, an effective DFIR strategy can help mitigate business risks in the early stages of an attack.

Twin Forces Driving DFIR adoption

Starting on the DFIR journey: an enterprise perspective

The first step in the journey is establishing forensic analysis and incident response teams responsible for reporting, incident handling, and monitoring when a breach is detected.

The incident response team should have specific training in areas such as file systems and operating system design, and have knowledge of possible network and host attack vectors.

After a breach is detected, the forensic analysts must work closely with the incident response team to address several issues, such as isolating affected systems and making containment decisions, based on existing device, access, and data security policies. Enterprises must also update their policies regularly to stay ahead of attackers.

Putting DFIR into action

An effective incident response plan should include the following components:

Enterprise action items following breach detection

A guided approach to creating a DFIR strategy

Enterprises without a cyber-attack incident response plan leave themselves open to potentially insurmountable losses. Despite the danger, they often face significant challenges in creating a plan. These challenges include:

  • Limited budget for plan development and forensic analysis
  • Lack of built-in approval systems to kick off incident response
  • Lack of support for cyber insurance policies
  • Lack of adequate skill sets to perform forensic analysis.

Our guided approach to developing a DFIR strategy can help enterprises evaluate and onboard digital forensics as part of their overall cybersecurity strategy.

DFIR strategy for enterprises

Specialist DFIR offerings can help

As many enterprises aren’t equipped to improve their security posture and reduce incident response times on their own, specialist DFIR vendors – such as CrowdStrike, Cylance, and Mandiant – can assist with suites of holistic offerings. In contrast with managed security services (MSS) players, specialist DFIR vendors lead with localization as their core value proposition. Their product-centric service offerings, localization, and guided approach help enterprises build resilient businesses, making these vendors valuable resources.

In fact, DFIR capabilities are becoming a deal clincher/breaker in large security transformation deals between enterprises and MSS providers. Enterprises need to carefully analyze the value proposition of their current/potential MSS partners serving as their DFIR vendor. The following checklist can help enterprises determine if their MSS providers can provide DFIR services.

Enterprise MSS partner checklist for DFIR capabilities

Approaching DFIR in the digital world

Today’s business environment has dramatically changed the way enterprises need to address DFIR. Adoption of digital technologies such as cloud, IoT, mobility, software-defined everything (SDX), etc., has made traditional forensics techniques obsolete. And issues such as evidence acquisition, validation, and cataloging are just the tip of the iceberg.

The following new approach can help enterprises effectively protect themselves against cyber-attacks in the digital world.

The new approach to DFIR

Given what’s at stake, enterprises must understand that remaining in the dark about potential breaches can prove significantly more devastating than the time and resources required to build or onboard competent digital forensics capabilities. DFIR can be a challenge, but it’s worth it.

Please reach out to us at [email protected] and [email protected] if you are interested in exploring DFIR in further detail.

Enterprises Must Bake “Contextualization” into Their IT Security Strategies | Sherpas in Blue Shirts

Given the rapid uptake of digital technologies, proliferation in digital touchpoints, and consumerization of IT, traditional enterprise security strategies have become obsolete. And challenges such as security technology proliferation, limited user/customer awareness, and lack of skills/talent are making the enterprise security journey increasingly complex.

Against that backdrop, the key thrust of our just-released IT Security Services – Market Trends and Services PEAK Matrix™ Assessment 2019 is that the conventional, cookie-cutter best practices prescribed by service providers no longer cut it. Indeed, we subtitled this new assessment “Enterprise Security Journeys and Snowflakes – Both Unique and Like No Other!” because the complexities of today’s technological and business landscape are forcing enterprises to use a much more guided and contextualized approach toward securing their IT estates.

What does this mean? To achieve success, enterprise IT security strategies must focus on three discrete, yet intertwined, levers.

Enterprise-specific Business Dynamics

In order to prioritize their investments in next-generation IT security, every enterprise needs to understand which assets it considers its crown jewels, how the business – and its security investments – will scale, and how to best mitigate risk within budgetary constraints. For example, a traditional BFS enterprise has far different endpoint security needs than does a digital-born bank.

Enterprises must also determine how delivery of superior customer and user experiences and exceptional security can co-exist. For example, a BFS enterprise’s introduction of an innovative new payments service backed by multi-factor authentication must operate without degrading the customer experience with delays.

Vertical Considerations

Enterprises need to take an industry-specific, value chain-led view of IT security that ensures optimal budget control without compromising the overall security posture.

For example, BFS firms must invest in security measures that protect their transaction processing and control/compliance capabilities. And building security controls for user access management, introducing behavioral biometrics into an integrated authentication process, and developing identity controls for anti-money laundering compliance are essential safeguards for sustainable competitive advantage.

Regional Considerations

Stringent regulatory environments (such as GDPR for customer data protection in Europe, PCI DSS for payments in the U.S., and the HL7 international standards for the transfer of clinical and administrative data between applications) and geography-specific nuances require a circumstantial approach to IT security. This means that geography-specific compliance around data protection, protectionist measures undertaken by governments, enterprises’ digital demand characteristics, and enterprises’ priorities in specific regions need to be taken into account. And global organizations must adhere to a well-defined strategic roadmap to address the multiple variants of IT security standards across the globe.

For service providers, this essentially implies delivery of localized services in their focus geographies.

Taking a Phased Approach

While bolting on IT security capabilities may lead to unnecessary – and valueless – sprawl, enterprises can avoid this challenge by investing in their IT security strategies in a phased manner, as outlined in the figure below.


To learn more about IT security contextualization, please see our latest report, which delves deeply into the important whys and hows of contextualizing IT security, and also provides assessments and detailed profiles of the 21 IT service providers featured in Everest Group’s IT Security Services PEAK Matrix™.

Feel free to reach out to us to explore this further. We will be happy to hear your story, questions, concerns, and successes!
