Security and data breaches are a concern for all organizations today. 2022 has already witnessed several companies hit by data breaches in the APAC region. For example, Singapore was ranked sixth in the world for having the most databases exposed last year. As more IT security threats emerge and mitigation of vulnerabilities and attacks becomes more robust, streamlining IT operations and security becomes more critical than ever. This requires organizations’ immediate attention to review their SecOps and ensure close collaboration between security and IT operations to respond nimbly to security threats and vulnerabilities, harden the digital attack surface and mitigate the loss of data and in the process get maximum ROI from security investment.
In this exclusive CIO forum brought to you by ETCIO Southeast Asia, in association with ServiceNow, top CIOs and tech leaders from India, Singapore, Malaysia, Indonesia, Thailand, Hong Kong, Taiwan and the Philippines join us to share insights into how organizations can change their security infrastructure, the cyber vulnerabilities and challenges they face, and ways to harden the digital attack surface and mitigate data loss.
Here are key highlights from several sessions at SecOps Summit 2022:
How SOAR is helping to transform security operations centers
According to Charmaine Valmonte, Chief Information Security Officer, Aboitiz Group, a security orchestration, automation and response (SOAR) platform helps to collect information properly, reduce incident response time, implement the best monitoring system, and deliver accurate threat intelligence, allowing an organization to make the necessary connections while anticipating risks. SOAR also helps automate the mundane tasks that security work requires.
Devinder Singh, Chief Information Officer, Maybank added to the conversation by saying that the most important thing is to break silos. He said, “SOAR is a tool that facilitates teams, collaborates with businesses, and enables timely security measures.”
Key challenges of implementing SOAR
Devinder began the conversation by urging organizations to adopt security in their environment. Teams must work with each other to ensure that security is instilled in an organizational environment. He said, “What I learned is that we need to know what we want. Tools can have all the capabilities in the world, but you have to know what you need to fix. Which points does your organization need to address based on what your industry has to offer? We need to provide a very clear context.”
Charmaine continued, “If you don’t have the specific workflows you’re looking for, in most cases, like a SIEM, you’ll need to review the entire group of alerts. As the process continues, organizations begin to develop workflows. And organizations need to develop several workflows. When we do this, we need to know the end-to-end incident response process specific to any threat vector.”
He also raised an important point about how today, threat models are mostly manual. Tech is still building that one dashboard that puts everything together so it doesn’t require a manual response, but we’re a long way from that day. What organizations can do is ensure that their workflows are in sync, that important information is visible, and that there is proper integration between their vendors and service providers.
“A new system like SOAR, if implemented haphazardly, will only result in more redundant information that businesses have to contend with,” Charmaine rightly concludes.
SOAR tools that build better security frameworks, policies, and improve compliance regulations
Charmaine says that SOAR is a relatively new entrant in the security space after SIEM and other systems, and believes that if implemented correctly, with connected workflows, threat intelligence, and workable artificial intelligence, SOAR helps to:
- Prioritize compliance, because it is embedded.
- Develop threat models based on organizational risks.
Most organizations have their own security postures. In the future, the intelligence that organizations gain from their SOAR systems will help develop new policies and improve their response readiness.
Devinder agreed and said, “From a security perspective in a global perspective, most organizations are facing difficulties in developing their security protocols. As we continue, there will only be so many complexities, which makes it necessary to develop better frameworks and policies that are in line with the modern threat landscape.”
How can organizations develop an agile SOC?
According to Titirat Siripattanalert, Group Chief Information Security Officer and Chief Digital Officer, True Corporation, an agile SOC has three elements: people, process and technology. In terms of people, SOC analysts and their work are underrated; they need to understand, implement, and evaluate SOC security tools. Organizations need to retain their SOC analysts through upskilling, motivation, and incentives so they can perform their role effectively.
In terms of process, organizations need to have the right processes in place to orchestrate security, automation, and response, by turning human processes into an automated playbook.
In terms of technology, all tech-oriented platforms, infrastructure, and general tools need to be evaluated so that mundane processes are automated and human intelligence is reserved for analyzing threats that machines still cannot handle. The technology used should be an enabler and not an inhibitor while responding to any threats.
Finally, organizations need to have proper incident management to ensure that when an alert is received, a defined process is carried out for further investigation and the threat is eliminated immediately.
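The process element above, turning a human triage procedure into an automated playbook, is easier to picture with a concrete workflow. The following is an added illustration, not code from the summit speakers, ServiceNow, or any product: a minimal SOAR-style playbook that takes an alert, enriches it with threat intelligence and asset context, scores it, decides a response tier, and records every step for the incident record. The alerts, the threat-intel list, the asset table and the scoring weights are all constructed for the example; the point is the shape of the workflow (normalise, enrich, score, decide, audit), not the particular numbers.

```python
"""Minimal SOAR-style triage playbook (illustrative; all data constructed).

Turns a human triage procedure into a repeatable, automated sequence:
  1. normalise an alert as a SIEM-like feed would deliver it
  2. enrich it with threat intelligence and asset context
  3. score it for priority (including a compliance bump for regulated assets)
  4. decide an action and keep an audit trail for the incident record
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed threat-intel and asset-context lookups (stand-ins for real feeds).
THREAT_INTEL = {"198.51.100.23": "known-c2", "203.0.113.9": "scanner"}
ASSET_CONTEXT = {
    "pay-db-01": {"criticality": 5, "regulated": True},   # holds regulated data
    "kiosk-17": {"criticality": 2, "regulated": False},
    "dev-vm-03": {"criticality": 1, "regulated": False},
}
DEFAULT_ASSET = {"criticality": 1, "regulated": False}    # unknown host fallback


@dataclass
class Alert:
    alert_id: str
    host: str
    src_ip: str
    signature: str
    severity: int  # 1 (low) .. 5 (critical), as reported by the detection tool


@dataclass
class Incident:
    alert: Alert
    intel_tag: Optional[str] = None
    asset: Dict[str, object] = field(default_factory=dict)
    score: int = 0
    action: str = "unassigned"
    audit: List[str] = field(default_factory=list)


def enrich(inc: Incident) -> Incident:
    """Attach the threat-intel verdict and asset context; log what was consulted."""
    inc.intel_tag = THREAT_INTEL.get(inc.alert.src_ip)
    inc.asset = ASSET_CONTEXT.get(inc.alert.host, DEFAULT_ASSET)
    inc.audit.append(f"enrich: intel={inc.intel_tag or 'none'} asset={inc.asset}")
    return inc


def score(inc: Incident) -> Incident:
    """Priority = tool severity weighted by asset criticality, plus intel/compliance bumps."""
    s = inc.alert.severity * int(inc.asset["criticality"])
    if inc.intel_tag == "known-c2":
        s += 10          # source matches known command-and-control infrastructure
    elif inc.intel_tag == "scanner":
        s += 2           # noisy, low-confidence indicator
    if inc.asset["regulated"]:
        s += 5           # regulated data in scope: reporting obligations apply
    inc.score = s
    inc.audit.append(f"score: {s}")
    return inc


def decide(inc: Incident) -> Incident:
    """Map the score onto a response tier; high-impact steps still page a human."""
    if inc.score >= 25:
        inc.action = "isolate-host-and-page-analyst"
    elif inc.score >= 10:
        inc.action = "open-ticket-for-analyst"
    else:
        inc.action = "auto-close-with-note"
    inc.audit.append(f"decide: {inc.action}")
    return inc


def run_playbook(alert: Alert) -> Incident:
    """The end-to-end workflow for one alert."""
    return decide(score(enrich(Incident(alert))))


# Constructed sample alerts, in the shape a SIEM might forward them.
SAMPLE_ALERTS = [
    Alert("A-1001", "pay-db-01", "198.51.100.23", "outbound beacon", 4),
    Alert("A-1002", "kiosk-17", "203.0.113.9", "port sweep", 4),
    Alert("A-1003", "dev-vm-03", "192.0.2.77", "failed logins", 1),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        inc = run_playbook(a)
        print(a.alert_id, inc.score, inc.action)
        for line in inc.audit:
            print("   ", line)
```

Two design choices matter more than the weights. First, every stage appends to the audit list, so an analyst reviewing the ticket can see which intel and asset facts drove the decision; that is the "visible information" the panel called for. Second, the highest tier only isolates a host and pages someone; it does not close the case on its own, which keeps a human on the critical path for the actions that are hardest to reverse.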
How security leaders should address the security talent shortage
Arivuvel Ramu, Chief Information Officer, Tonik Digital Bank shed light on the different types of workforce used in security management. He added, “One skill that organizations need is differentiating their on-ground workforce from the remote workforce. They work with different technological connections, making their security compliance very different. Even the device experience is constantly changing, making traditional security firewalls ill-equipped to handle modern device policies.”
Therefore, organizations must find the right talent who can understand different processes, identify data, and have certain role management strategies to help them operate efficiently.
The benefits of using SOC as a service
Sachin Nair, Chief Information Officer, Khan Bank made an important point about what the development and integration of a Security Operations Center requires in an organization: a clear separation between the responsibilities of the CIO's department, which oversees IT, and the CISO's department, which oversees security protocols across the enterprise. His company follows this separation as a business protocol.
Building a hybrid SOC within Khan Bank, Sachin used its benefits to carry out most functions in-house, leaving only what remained to be outsourced to a third party, if anything. He talked about how this has been an effective experience for the bank and its processes in an environment where security talent is scarce.
According to him, the constant evolution of malicious, internal, external threats, makes it difficult for organizations to keep up with the threat landscape, and the development of a Security Operations Center that is in line with an organization and its unique threat landscape is the only way forward.
A perfect cloud security infrastructure
Teguh Febrianto Setiawan, Information Security Head, PT. Bank Tabungan Negara (Persero) Tbk highlighted the benefits of the cloud and focused on cloud efficiency. He said organizations want a cloud system that is reliable and gives the business the opportunity to grow and keep costs down. According to Teguh, here are some of the best cloud security practices:
- Understand how the cloud works: Teguh says the identification of sensitive and regulated data is crucial. Companies must understand how they use and store data.
- Understand how sensitive data is identified and shared from inside the company to external parties.
- Understand what types of costs have affected the organization.
- Understand configuration and infrastructure as a service that delivers valuable compute, storage and networking resources on demand.
- Apply data protection policies.
The Future of Digital Risk: Building resilience by design
In an interesting fireside chat, Steven Sim Kok Leong, President, ISACA Singapore Chapter, explained that organizations must be strong enough and able to protect business interests, despite the existence of a breach. That means they should not only look at security by design but also stability by design.
Mel Migriño, Vice President and Group Chief Information Security Officer at Meralco, said that in order to manage and control the threats that can affect our organizations, companies must take a collective defense approach to strengthening their cyber security defenses, meaning they will need to interface with local regulators and agencies as well.