To borrow an expression, cybersecurity takes a village.
Or, as Joe Levy, chief technology and product officer at Sophos, said, “modern cybersecurity is becoming a highly interactive team sport.”
And some organizations are making this official by creating cross-operational – or cross-functional – security teams.
For example, Sophos recently launched Sophos X-Ops, a cross-operational unit that leverages artificial intelligence (AI) and connects three established teams: SophosLabs, Sophos SecOps and Sophos AI.
Cyber attacks, “…have become too complex for a single threat intelligence team to do it alone,” Levy said. “Defenders need the breadth and scale of a collaborating group to provide versatile, 360-degree views of attacks for optimal defense.”
Not just goalkeepers
In a new study commissioned by data management company Cohesion, 81% of IT and Security Operations (SecOps) decision makers surveyed agreed that IT and SecOps should at least share responsibility for their organization’s data security strategy.
However, almost a quarter reported that the cooperation between the groups was not strong. In addition, 40% of respondents said that cooperation between them has remained the same, even in the face of increased cyber-attacks.
This continues to be the case in all sectors, according to experts. But multidisciplinary teams are imperative: they can discover, collect and analyze predictive, real-time, real-world, researched threat intelligence. This allows them to respond faster – and at scale – to evolving, well-organized, persistent and increasingly sophisticated threat actors.
“The adversary community has discovered how to work together to trade certain parts of attacks while creating new ways to evade detection and exploit software vulnerabilities to massively exploit them,” said Craig Robinson, vice president of the research division of security services for ICD.
Robinson stressed that collaborative teams “steal a page from cybercriminals’ tactics”.
Cross-operational teams also take a page from the federal playbook. In March 2022, FBI Director Christopher Wray discussed the FBI’s plans to work with the private sector to counteract cyber threats.
“What a partnership allows us to do is hit our adversaries at every point, from the victims’ networks to the hackers’ own computers,” he said. He added that “trying to stand in the goal and block shots won’t get the job done.”
By partnering with private companies, “we are disrupting three things: the threat actors, their infrastructure and their money,” Wray said. “And we have the most lasting impact when we work with all of our partners to disrupt all three of them together.”
The SOC of the future
Levy agreed that effective, modern cybersecurity requires robust collaboration at all levels, both internal and external.
Cybersecurity experts are obsessed with improving detection and response times — and for good reason. Along the attack chain, there are many points where attackers can breach the network and/or hide within it.
“We are against a clock to detect and stop attackers at multiple points in the attack chain,” Levy says.
Sophos X-Ops, a joint task force for advanced threat response launched in July, helps teams make discoveries faster while providing more comprehensive layers of protection, Levy said. By integrating and sharing information and expertise, they can more easily fend off attacks and analyze them together. They are procedurally enabled by common systems, synchronized program and project management methods, and shared playbooks.
The concept of an artificial intelligence (AI) assisted security operations center (SOC) anticipates the intentions of security analysts and provides relevant defensive actions, Levy said. Effective AI requires access not only to massive amounts of data, but also to curated or well-labeled data, as well as continuous feedback loops between models and the operators they were designed for.
Calling it the “SOC of the future,” he added that the security software and hardware company plans to publish research, technical documents and information to serve as templates for others in the industry.
Healing security pain points
All things considered, Levy said, scalable end-to-end security operations need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists — and establish an organizational structure that avoids silos.
“A serious pain point in cybersecurity – and in any intelligence operation, really – is the challenge of having the right intelligence, but struggling to get that information to the right people at the right time for the right use,” agrees Alexander Garcia-Tobar, CEO and co-founder of Valimail.
The San Francisco-based company has developed a Domain-based Message Authentication, Reporting and Conformance (DMARC) tool to help reduce certain types of fraudulent email.
As Garcia-Tobar noted, huge amounts of data pass through organizations every day — business, industrial and personal data, financial information, “just an absolute treasure trove of valuable information ripe for hackers to exploit,” he said.
Multidisciplinary teams combine IT operations, security operations (SecOps) and other relevant departments to help prevent this.
“Think of it as security running at devops speed,” he said.
While who ultimately sits at the table depends on both the size of an organization and its industry, building an effective cross-functional team requires thinking about all the stakeholders involved in your organization’s data compliance, Garcia-Tobar said.
This can be logistics staff, but also a chief compliance officer, chief HR officer, CIO, CISO, chief privacy officer, chief risk officer and general counsel.
Binding the group together takes someone “like his champion” who can set clear goals and communicate expectations clearly. Support from the executive is essential, because ultimately every employee has their own goals and priorities, he said.
“If they’re at odds with another team’s success criteria, you get friction,” he said, describing executive leadership as “the beacon that directs what’s best for the organization as a whole.”
Trust, communication, diversity
Another fundamental ingredient for cross-functional teams to work effectively? Trust.
“If it’s missing, cross-team efforts stutter and often fail,” said Garcia-Tobar.
Therefore, it is the job of executives and individual team leaders to build trust – and promote buy-in – with all stakeholders. This is a matter of “building bridges and championing competence, transparency, openness and fairness,” he said.
Also critical is effective communication through regular touch points, giving everyone the opportunity to ask for feedback, provide input, reinforce priorities and stay informed and up-to-date. This helps organizations comply with regulations and use collected data to understand how different parts of the organization affect each other.
Building a diverse team gives organizations the advantage of multiple perspectives working from facts, hard data and shared insights to drive innovation and better informed decision making, and thus “more insightful, well-motivated results.”
“Everyone is responsible for safety. Collaboration between teams enables teams to respond more quickly to cybersecurity threats, improve resilience, reduce risk – and most importantly, develop dynamic partnerships that drive innovation,” said Garcia-Tobar.
All in all, executive leadership must prioritize security, set security goals, present them to boards that hold them accountable, and continuously review progress.
“If companies prioritize a security culture, i.e. a robust, rigorous, human-centric risk management strategy, they are better equipped to fend off cybersecurity threats,” said Garcia-Tobar.
He added that “implementing a cross-team approach generates more open conversations about security, enabling teams to strengthen priorities and drive accountability across all departments and stakeholders.”