
How Cross-Operational Teams Can Improve Security Posture


To borrow an expression, cybersecurity takes a village.

Or, as Joe Levy, Chief Technology and Product Officer at Sophos, put it: “Modern cybersecurity is becoming a highly interactive team sport.”

And some organizations formalize this by creating cross-operational or cross-functional security teams.

Sophos, for its part, recently launched Sophos X-Ops, a cross-operational unit that leverages artificial intelligence (AI) and connects three established teams: SophosLabs, Sophos SecOps and Sophos AI.


Cyberattacks, “…have become too complex for a singular threat intelligence team to tackle alone,” Levy said. “Defenders need the breadth and scale of a collaborative group to provide 360-degree, multi-faceted views of attacks for optimal defenses.”

Not just the guards

In a new study commissioned by data management firm Cohesity, 81% of IT and security operations (SecOps) decision makers surveyed agreed that, at the very least, IT and SecOps should share responsibility for their organization’s data security strategy.

However, almost a quarter indicated that the collaboration between the groups was not strong. Additionally, 40% of respondents said that the collaboration between them has remained the same despite the increase in cyberattacks.

This continues to be the case across all industries, experts say. But multidisciplinary teams should be a must – they can uncover, gather, and analyze predictive, real-time, real-world, and researched threat information. This allows them to respond more quickly – and at scale – to evolving, well-organized, persistent, and increasingly sophisticated threat actors.

“The adversarial community has figured out how to work together to trivialize parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to exploit it en masse,” said Craig Robinson, Vice President of Security Services Research for CIM.

Robinson pointed out that cross-collaborative teams “steal a page of cyber-miscreants’ tactics.”

Cross-operational teams are also inspired by the federal playbook. In March 2022, FBI Director Christopher Wray discussed FBI plans to partner with the private sector to counter cyber threats.

“What the partnership allows us to do is hit our adversaries at every turn, from the victims’ networks to the hackers’ own computers,” he said. He added that “trying to stand in goal and block shots won’t get the job done.”

By partnering with a private company, “we’re disrupting three things: the threat actors, their infrastructure, and their money,” Wray said. “And we have the most lasting impact when we work with all of our partners to disrupt all three together.”

The SOC of the future

Levy agreed that modern and effective cybersecurity requires strong collaboration at all levels, internally and externally.

Cybersecurity experts are obsessed with improving detection and reaction times – and for good reason. There are many points along the attack chain that can be hacked and/or hidden within the network.

“We’re against the clock to detect and stop attackers at multiple points along the attack chain,” Levy said.

Sophos X-Ops, a joint advanced threat response task force that launched in July, helps teams make discoveries faster while providing more comprehensive layers of protection, Levy said. By integrating and sharing information and expertise, they can more easily thwart attacks and analyze them together. They are procedurally enabled by common systems, synchronized methods of program and project management, and shared playbooks.

The concept of an artificial intelligence (AI)-assisted security operations center (SOC) anticipates the intentions of security analysts and provides relevant defensive actions, Levy said. Effective AI requires not only access to massive amounts of data, but organized or well-labeled data, as well as continuous feedback loops between models and the operators they are meant to benefit.

He called it the “SOC of the future” and added that the security software and hardware company plans to publish research, technical papers and intelligence to serve as models for others in the industry.

Heal security vulnerabilities

Altogether, Levy said, scalable end-to-end security operations should include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and more, establishing an organizational structure that avoids silos.

“A serious problem in cybersecurity – and really any intelligence operation – is the challenge of having the right intelligence but struggling to get that information to the right people at the right time for the right use,” agreed Alexander Garcia-Tobar, CEO and co-founder of Valimail.

The San Francisco-based company has developed a Domain-based Message Authentication, Reporting, and Conformance (DMARC) tool to help mitigate certain types of fraudulent email.

As Garcia-Tobar noted, massive amounts of data flow through organizations every day: business, industry, and personal data, financial information, “just an absolute wealth of valuable information ready for hackers to exploit,” he said.

Multidisciplinary teams combine IT operations, security operations (SecOps), and other relevant departments to help prevent this.

“Think of it as security working at the speed of devops,” he said.

While who ultimately sits at the table depends on the size of the organization as well as its industry, when building an effective cross-functional team, consider all of the stakeholders associated with your organization’s data compliance, Garcia-Tobar said.

This may include logistics staff, as well as a compliance manager, human resources manager, IT manager, IT security manager, privacy manager, risk manager and general counsel.

Tying the group together is someone “as a champion” who can set clear goals and clearly communicate expectations. Management support is essential, because at the end of the day each employee has their own goals and priorities, he said.

“When they disagree with another team’s criteria for success, you get friction,” he said, describing executive leadership as “the beacon guiding what’s best for the organization in his outfit”.

Trust, communication, diversity

Another fundamental ingredient for cross-functional teams to work effectively? Trust.

“When it’s lacking, cross-team efforts often stutter and fail,” Garcia-Tobar said.

Therefore, it is incumbent on individual executives and team leaders to build trust and foster buy-in from all stakeholders. It’s about “building bridges and championing competence, transparency, openness and fairness”, he said.

Effective communication through regular touchpoints is also key, giving everyone the opportunity to solicit feedback, provide feedback, reinforce priorities, and keep everyone informed and up to date. This helps keep organizations compliant with regulations, and they can use the data collected to understand how different parts of the organization influence each other.

Building a diverse team gives organizations the advantage of multiple perspectives operating from hard facts and data and shared information to drive innovation and more informed decision-making. And, therefore, “more insightful and well-reasoned results”.

“Everyone is responsible for safety. Cross-team collaboration enables teams to react faster to cybersecurity threats, improve resiliency, reduce risk – and most importantly, cultivate dynamic partnerships that drive innovation,” said Garcia-Tobar.

All in all, management needs to prioritize security, set security goals, present them to boards of directors who hold them accountable, and continually review progress.

“When companies prioritize a culture of security — that is, a strong, disciplined, people-centric risk management strategy — they are better equipped to ward off cybersecurity threats,” said Garcia-Tobar.

He added that “implementing a cross-team approach generates more open conversations about security, enabling teams to reinforce priorities and hold all departments and stakeholders accountable.”
