Increase Security, Not Complexity
Walking around the RSA Conference, I saw many innovative and powerful security tools that could help federal agencies. However, two problems make it difficult to add any of them to the Security Operations Center (SOC): Cost and Complexity.
We all know there is no silver bullet, despite what many vendors will tell you about their products. Adding one new product, much less multiple new products, will exacerbate the most pressing problem facing agency security teams: Too many. Too many alerts. Too many consoles. Too many vulnerabilities. Too many attacks.
Almost every vendor claims it has a beautiful and easy-to-use console “that centralizes everything” and delivers automation that “reduces time to X.” However, 90 percent of them are really talking about their own functionality, not the entire suite of products that every cybersecurity professional has to deal with. So no matter how pretty and simple a new console is, it’s STILL another console to spend time checking. And no matter how automated the product’s functionality is, it’s still not integrated with the whole and, therefore, adds complexity.
Frustrated with this reality, I asked two questions when talking to security vendors and their enthusiastic pitchmen. “How does your beautiful console integrate with other products, reduce the number of consoles we run, or feed into other consoles and disappear?” “How well does your product integrate with others to automate the totality of the security environment?”
Most looked at me dumbfounded, not understanding why I would ask such a question—which really means they don’t understand their customers’ real problems. They are engineering folks who get the technical problem, but don’t get the everyday life of a security professional. That’s why I believe that coming from a data center background, an industry that went through this same transformation years ago, provides valuable insight and experience: you understand the importance of solutions, not point products.
SwishData is focused on SOLUTIONS for customers that are integrated and reduce cost and complexity, rather than adding to it. We know that adding great point products only causes more problems in the end, rather than solving them. We need to reduce the amount of manual labor it takes to run a SOC, not increase it. To that end, we have identified three important ways to automate: Prioritization; Response and Integration; Governance, Risk and Compliance
- Prioritization of both threats and vulnerabilities is the first step to understanding where to focus. Not every threat or vulnerability is equal, so figuring out where to spend your time is key.
- Response and Integration of the products involved in threat response is only possible with a consultative approach. Once the repetitive processes are identified, an automation platform can revolutionize how a security professional operates and free up valuable time for true forensics and detective work.
- Governance, Risk and Compliance is the best-defined area for automation. There are many mature products and tools out there to help customers. We believe that collecting the data for this function and then reporting on it in an automated fashion significantly improves the effectiveness of both management and the team in the trenches.
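The prioritization point above is easiest to see in code. The following is an added example, not SwishData's own tooling: it ranks vulnerability findings by combining raw severity with the factors that decide whether a flaw will actually be used against a given asset. The field names, the scoring weights and the sample findings are all assumptions constructed for illustration.

```python
"""Added example: prioritize vulnerability findings by exploitability and
exposure, not by CVSS score alone. Weights and sample data are assumptions."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    finding_id: str
    host: str
    cvss: float               # CVSS base score, 0.0 to 10.0
    exploited_in_wild: bool   # e.g. listed in a known-exploited-vulnerabilities catalog
    internet_facing: bool     # asset reachable from outside the agency network
    asset_criticality: int    # 1 (low) to 3 (high), taken from the asset inventory


# Assumed multipliers: CVSS says how bad a flaw could be; these say how likely
# it is to matter on *this* asset. Tune them to your environment.
EXPLOITED_WEIGHT = 2.0
INTERNET_WEIGHT = 1.5
CRITICALITY_WEIGHT = {1: 0.5, 2: 1.0, 3: 1.5}


def priority_score(f: Finding) -> float:
    """Severity scaled by real-world exploitation, exposure and asset value."""
    score = f.cvss
    if f.exploited_in_wild:
        score *= EXPLOITED_WEIGHT
    if f.internet_facing:
        score *= INTERNET_WEIGHT
    score *= CRITICALITY_WEIGHT[f.asset_criticality]
    return round(score, 2)


def rank(findings: List[Finding]) -> List[Finding]:
    """Highest priority first; ties fall back to raw CVSS."""
    return sorted(findings, key=lambda f: (priority_score(f), f.cvss), reverse=True)


def rank_by_cvss_only(findings: List[Finding]) -> List[Finding]:
    """The naive ordering most scanners hand you, kept for comparison."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


# Constructed sample findings (hypothetical hosts and IDs, not real data).
SAMPLE_FINDINGS = [
    Finding("F-1", "dev-lab-07",   9.8, exploited_in_wild=False, internet_facing=False, asset_criticality=1),
    Finding("F-2", "vpn-gw-01",    7.5, exploited_in_wild=True,  internet_facing=True,  asset_criticality=3),
    Finding("F-3", "web-portal-02", 5.3, exploited_in_wild=True,  internet_facing=True,  asset_criticality=2),
    Finding("F-4", "api-edge-03",  9.1, exploited_in_wild=False, internet_facing=True,  asset_criticality=2),
]


def ranked_ids(findings: List[Finding]) -> List[str]:
    return [f.finding_id for f in rank(findings)]


if __name__ == "__main__":
    print("CVSS-only order:", [f.finding_id for f in rank_by_cvss_only(SAMPLE_FINDINGS)])
    print("Prioritized order:")
    for f in rank(SAMPLE_FINDINGS):
        print(f"  {f.finding_id} {f.host:<14} cvss={f.cvss:<4} priority={priority_score(f)}")
```

On the constructed sample, the scanner's CVSS-only order puts the 9.8 on an isolated lab box first, while the prioritized order puts the actively exploited 7.5 on an internet-facing VPN gateway first. That reordering is the whole point of the "not every vulnerability is equal" argument: the score that drives the queue should reflect exposure and exploitation, not severity in isolation.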
Stay tuned as we roll out more information about how your agency can benefit from the work we’re doing to automate and simplify federal government SOCs.