How to Achieve Best-in-Class Security Operations
Why you need outcome-driven Security Operations for today’s dynamic business and threat environment
Digital transformation, hybrid or remote work, bring you own devices, shadow IT – business transformation is anything but static and cybersecurity teams are facing the brunt of it as guardians of the enterprise. How do security teams, already hampered with budget and resource constraints, stay ahead to deliver on their risk reduction and resiliency objectives in an already dynamic environment threatened by an increasingly nefarious threat landscape?
Innovative leaders are finding ways ahead. And two of them, Larry Trittschuh, Executive VP and CSO at HealthEquity and Col. John Burger, CISO at ReliaQuest joined me for a 30-minute discussion to provide their insights and guidance on how to forge Security Operations that are Best-in-Class to meet today’s demands. They should know – HealthEquity is one of the leading non-bank health savings trustees with approximately 3,500 teammates across the US and ReliaQuest force multiplies security operations for over 250 organizations worldwide. They face off against major threats – ransomware, data exfiltration and business disruption – every day.
What is the basis for a good security program? They both agree it should be risk-based. There are no shortcuts – design your program based on your business needs and focus on outcomes to protect your business and its high value assets, they said. Both bring risk management experiences as veterans – Larry at the US Air Force and Col. Burger having run security operations at United States Central Command – and apply those principles here. They advise security teams to focus on the most important risks in the context of their business and the credible threats that target companies for a specific purpose. You cannot and need not chase anything and everything. Having that focus is your best chance at success.
|Download the Best-in-Class Security Operations eBook|
Today, enterprises are overwhelmed with disparate security tools – built out over time in hopes of reducing gaps in coverage but in many cases, actually increasing risk through fragmented focus. The two security leaders talked about a pragmatic approach to security technology investments – not that tools are ineffective but to understand their requirements and performance as part of your program.
While there is no single silver-bullet, both agreed that visibility and automation are key to reducing alert fatigue, increasing analyst productivity and ultimately driving desired outcomes—reducing risk and investing in the right areas. Larry further added visibility and automation help his team be proactive – including use of Open XDR-as-a-Service from ReliaQuest’s cloud-native platform GreyMatter. He automates wherever he can to relieve his team from the low value tasks, removing the tedium. He believes what Col. Burger calls ‘low brain, high carb” activities can be automated to enable every SOC analyst to do more proactive business value functions.
And how do services from a trusted partner like ReliaQuest – including managed integrations, field-tested detection and threat hunting packages and hybrid intelligence – help security operations teams get out of fire drill mode and up their game? Hear it for yourself in this 30-minute discussion.