Nov 11 2020

How to Make Your Security Operations Center Future Ready

In a distributed world, the attack surface is far bigger than usual. While the threats are becoming more sophisticated, so are the tools for fighting them.

Information security professionals are playing a key role in helping organizations stay afloat. While this was true even before COVID-19 caused major disruptions to the way we work and interact with teams, it’s even more essential now that teams must work remotely.

No longer are businesses working in environments managed onsite, where setting up a perimeter is simple. Because both employees and the devices they’re using are fully distributed, there are new dynamics for security that need to be accounted for — and that’s on top of security threats that are looking for new ways to get past the barriers.

The Challenges Facing InfoSec Teams in Remote Work

For many teams, security infrastructure is a complicated thing. There are often a lot of moving parts that are working against one another, creating organizational challenges that can be difficult to parse.

In a session at VMworld 2020, Tom Corn, senior vice president of security products at VMware, cited five key challenges that face security operations teams:

  • An enlarged attack surface that goes beyond traditional perimeters
  • Software-based attacks that aren’t limited to standard malware
  • Tool-laden teams that find themselves using 50 to 100 pieces of software, with breaches often a result of misconfigurations
  • Too many silos among departments, creating complications for security teams
  • A lack of context for the tools used, creating a lack of understanding about what, exactly, security teams are defending

“These five problems are really making security incident detection and response in a whole world of security operations incredibly, incredibly difficult,” he said.

Corn noted that because security teams combine many tools across many silos, those tools don’t interact well, adding complexity to the work as critical activities must be spread across numerous solutions.

He said that three steps can help solve this issue: a consolidation of tools; a move toward tracking software that’s used maliciously; and a focus on machine learning and artificial intelligence to make sense of everything. He added that as work becomes increasingly distributed, so does the problem — but that’s not necessarily a bad thing.

“Even as our own security team is becoming increasingly distributed, there are huge advantages to starting to do this from the cloud, as opposed to sort of funneling everything back into some physical location in our data center,” he said.

Equip InfoSec Teams with Future-Minded Technology

VMware Carbon Black, a cloud-native security platform, aims to consolidate and operationalize the many concerns about endpoint security into a single application suite. Having an integrated solution can help make sense of all the silos, moving beyond them to detect threats throughout the system and get around the outdated approaches of traditional anti-virus tools.

At VMworld, the company announced additional elements that allow for Carbon Black to be installed through a virtual machine tool in an agentless way, letting such distribution happen at scale.

“Once this is installed on this endpoint, it is now able to deliver Security as a Service with local tamper protection–enabled Carbon Black, and ensure we are always on, enforcing protection,” said Sanara Marsh, a solution engineer at VMware, during the session.

This approach allows for stronger risk detection along the lines of what one might expect with an anti-virus tool, but with the added capability of pinpointing threats wherever they might emerge. Because the solution operates in a distributed way, it can help a security operations center understand the nature of the threat even if that threat isn’t centralized.

“Enabled through Carbon Black Cloud, what we are able to do is provide a current state assessment of your environment,” Marsh said. “So, you're able to identify a snapshot of where patches may have been missed, or what's your assumed risk.”

It also reflects a future-minded approach to pinpointing and managing threats. Marsh noted that threat mitigation needed to move beyond traditional thinking about malware, as many of the modern challenges facing organizations are not limited to software that is explicitly malicious.

“As we understand, adversaries are increasingly intelligent, and they're using good tools for malintent,” Marsh explained. “So, we actually apply more advanced behavioral prevention so that as adversaries adapt and use good tools for malintent, we can prevent that attack from occurring.”

In a world where attack surfaces are evolving just as much as attack strategies, the way security teams respond to these attacks must keep pace. And in a world where physical location is becoming less significant, a little cloud could go a long way.