Security Operations Center

State of Data Operations

The report was conducted as a deep dive into data operation opportunities and challenges for over 150 IT Executives.

How have GDPR and CCPA changed your use or procurement of cybersecurity tools?

Top Answer : Not much directly, but in some situations avoiding an agent, a plugin, or something that requires a cookie will mitigate privacy risks. Many security technologies, in how they are architected and deployed and in how the vendor gathers and shares information, are actually generating a substantial amount of privacy risk.

If these companies were affected then the foundation of computing could be at risk. If you could manipulate at the hardware layer via the firmware, BIOS, etc., then a threat actor could weaponize well below the operating system, which brings into question the integrity of the entire computing stack and everything above it. The firmware and BIOS are like the rebar and concrete for a building. If that foundation is weak then the entire structure and anything dependent on it is at risk. We cannot underestimate the potential or the severity of these companies being potentially affected by the SolarWinds hack and what that means for the foundational computing hardware they provide to the world. What do others think? How could this impact your organization?

Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack - The Verge

Pulse Flash Read: Don’t Let Open Source Become Open Sores

Open source, as a concept, seems to encapsulate the best of what the internet was intended for—a truly global teamwork-makes-the-dreamwork coding hivemind built on the principle that information should be shared. It’s a valuable tool for enterprise and amateur coders alike: enterprises make aspects of their code open source, and an aspiring developer on the other side of the world can discover flaws in that code or suggest improvements while simultaneously honing their technical skills.

Perfect, right? Of course not.

The open book of code that makes up open source libraries also means that whoever desires can peruse those pages purely to find — and exploit — vulnerabilities. Open source is full of these proverbial ‘unknown unknowns’.

The communities running open source code databases are, of course, aware of this, and leverage the community hivemind to discover weaknesses and turn some of those ‘unknowns’ into ‘knowns’ by releasing crucial ‘patches’. The key for those using this code in their software is implementing those patches before the bad actors get in.

It would be brilliant if the organizations using open-source code simply had to turn on auto-update and leave their devices connected to wifi overnight to implement these patches.

However, organizations tend to have geological tech stacks that are formed with layers and layers of code from different eras. Each one of those layers could feature tiny pieces of code from dozens of open source libraries. If one of those libraries becomes compromised, would anyone in IT even remember if they used it? Each instance of open source across the whole code stack could turn into an open wound that, left untreated, could fester into a big problem for the whole organization. Keeping track of the ‘Software Supply Chain’ that forms the code stack is near impossible for teams relying on human oversight.

Just because Hollywood Hackers spend Red Bull-fueled nights searching open source libraries for vulnerabilities doesn’t mean the security team can operate 24/7.

It’s a wide issue that needs to be addressed before the tentacular reach of Big Data accelerates beyond the reach of organizations, who may find their data silos are actually about as leak-proof as the White House. Thankfully, awareness is being raised due to efforts such as the Open Source Security Foundation (OSSF), which brings leaders from across industries together with the common goal of increasing knowledge, creating guidelines, and delivering solutions that prevent open source security issues.

Though we’ve seen DevOps adoption rise over the last few years to enhance cross-team continuous development efforts, embedding security into that collaborative effort seems to be proving problematic. Not from a tech standpoint. That might be the easier fix. The problem seems to stem from an internal culture stalemate. Dev and Sec simply don’t want to be teaming up to form any kind of common language or goal (though here’s a handy guide to how that might be overcome).

While that’s a problem that needs some innovation and real-talk to fix, a number of vendors have stepped up to push security into that category, offering external DevSecOps tools specifically to tackle open source security (OSS).

GitHub, perhaps the apogee of the open source community, has developed a suite of tools that automate security detection and deployment (including the reassuringly named ‘Dependabots’) and recently joined the OSSF.

Synopsys stands alone in the top right corner of the Gartner Magic Quadrant in the category Gartner calls ‘Application Security Testing’, offering ‘end-to-end’ integration of automated security tools, from training through integration to management.

HCL Software is named in the ‘visionary’ section of that same Magic Quadrant, and offers an affordable yet robust-sounding tool suite meant to augment the DevOps process called ‘OneTool’.

Contrast deploys an ‘Intelligent Agent’ to detect and scan open source libraries within codestacks, enforcing custom policies in real-time.

WhiteSource is aimed at those who are specifically seeking out open source libraries for development, and, frankly, has the nicest looking website.

Maybe, if DevOps can find a way to fit security into a loving embrace and truly form the desired DevSecOps, and with the right toolkit, auto-update in some sense might just be possible after all.

How can consolidating security across independent subsidiaries improve security processes in an organization?

Top Answer : As we transformed 21st Century Fox into “New Fox”, Fox Corporation, after the Disney acquisition, we consolidated both the IT teams and the security team to be uniform across the board. Everyone's been over the moon with this whole transition. It has skyrocketed our ability to secure things and exponentially increased visibility across systems through consolidation and replatforming. Not only that, but I think the businesses are pleased with all of the modern applications that they've transitioned to. Our CEO, Lachlan, has also made it very clear he wants everyone operating in a "One Fox" mindset across the company. I think that has gone a long way at the senior executive level and with the technology systems to make it understood that we're going to have consistent ways of working across the board and a focus on the overall FOX mission. Our businesses have moved from independently managed on-prem systems into consolidated SaaS platforms. This has allowed us to dramatically improve our efficiency from a cyber standpoint, and it provided the unique opportunity to re-think security for every system and workflow, as well as design systems with a “secure defaults” configuration. The company transition provided a once-in-a-lifetime opportunity to replatform the company, and cyber took full advantage of this.