Security Operations Center

What are your thoughts on SaaS management platforms (SMP)?

How is your organization addressing ransomware in the immediate short-term?

Top Answer : Has anybody ever seen ransomware go through cellphones on AT&T's network or Verizon's network? No. It doesn't happen. So that's what we do for internal networks. We have typical VLANs where we try to segment everything. We basically ring-fence every single device in its own network and ransomware doesn't spread. The problem with corporate networks is that they're set up to trust everything once it gets in. If you have VPN or two-factor authentication, then once you're credentialed in, AWS and all your applications are just one VLAN. It's not going to force you to MFA again. So if the bad guy gets in through phishing or other means, they have credentials. Then they can go to your Active Directory (AD) to shut down all your GPOs and then go kill your applications. It's poor design on our part, and we're kind of dragging our feet on this.

Where have you faced the most resistance when it comes to implementing zero trust policies?

Top Answer : Zero trust has been around as a concept now for 5+ years. And every single time I've tried to implement it, it’s never worked. Because every time we've reduced the footprint down to zero trust, the people who tend to be the most vulnerable always complain. The CEO’s calling you on their trip to Hong Kong saying, "I don't understand, why can't I access my email? Why can't I get access to this SharePoint site?" You’re like, "I had zero trust and you're in a new place so you have to re-authenticate yourself." But then they don’t have their dual factor and so on. Pretty quickly we get an edict not to put these measures in place for the executive team. But of course, the executive team is the most vulnerable. So how do you work around human psychology in that regard?

How can technology leaders stifle the potential for insider threats?

Top Answer : Most of the breaches happening have been process-related for the most part. If somebody was actually doing the right thing by monitoring code access and data access, most of them wouldn't have occurred. I think every one of us knows that while the cloud is fantastic for many things, it really has become far more complex over the last couple of years with all the different products and services being run. And at least for some of my past roles, the cloud is now the primary delivery mechanism for customer- or consumer-facing information and applications, making it that much more important that it's secured appropriately versus something that's more internally focused.

Are there any tools that have helped ease your ransomware concerns?

Top Answer : I’m not worried about ransomware at my airport because I've air gapped, segmented certain things off. The portions and schedules that you can get from the internet are totally separate from anything dealing with the aircraft. Also for updating the aircraft themselves, everything is completely air gapped. Because I have it totally separated, it does make some things more difficult. People say, "I want access to take a look at whatever I did for timing on this," but that has to be done from the office. It’s at such a level that I can't make that kind of mistake.

How can IT leaders strike a balance between security and customer experience?

Top Answer : My approach is security by obscurity—I don't want anybody to notice it, except for the MFA. Anything beyond that, I don't want them even to see it. When I was at a former company, FireEye had a service where they sandboxed all your links, so I got Zscaler. I created scripts, etc., to auto-cure Zscaler when it broke so people wouldn't get disrupted. That was big because no matter how much awareness training we did, if I sent out a fake phishing email then everyone would click on it, so I knew they would click on a real one. Then I had a Rapid7 tool that blocked impossible logins. It would tell me where somebody's logging in from, what they're logging in to, time, date, what kind of machine, etc. And I had a cloud access security broker (CASB) solution, where when somebody quit and they started downloading all their stuff out of Box, I would just cut off their account automatically if there was any anomaly from their normal daily behavior. All this stuff was automated, and nobody really saw it unless you were trying to steal.
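Two of the controls mentioned in this thread, the "you're in a new place so you have to re-authenticate" rule from the zero trust answer above and the "impossible login" blocking described in this answer, come down to the same evaluation of login telemetry (who, from where, to what, when, on what machine). The following is an added example, not code from any of the respondents or from Rapid7, Zscaler or any other vendor named here. It assumes login events already carry a geolocated source (city and coordinates) and uses a constructed speed threshold, constructed city coordinates and a constructed event stream; the `step_up_mfa` / `block` / `allow` decisions are the example's own vocabulary.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Hypothetical threshold (not from the thread): an implied travel speed above
# this is not a person carrying a laptop between two cities, so the login is
# treated as impossible and blocked rather than merely challenged.
MAX_PLAUSIBLE_SPEED_KMH = 900.0
EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class LoginEvent:
    user: str
    ts: datetime      # when the login happened (UTC)
    city: str         # where it came from (e.g. from IP geolocation)
    lat: float
    lon: float
    app: str          # what was logged in to
    device: str       # what kind of machine


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def evaluate(history: list[LoginEvent], event: LoginEvent) -> tuple[str, str]:
    """Decide one login given the user's previously accepted logins (time-ordered).

    Returns (decision, reason) where decision is "allow", "step_up_mfa" or "block".
    """
    if not history:
        return "allow", "first login seen for this user"
    last = history[-1]
    dist_km = haversine_km(last.lat, last.lon, event.lat, event.lon)
    hours = (event.ts - last.ts).total_seconds() / 3600.0
    if dist_km > 0:
        # Same instant, different place: treat as infinite speed.
        speed = dist_km / hours if hours > 0 else float("inf")
        if speed > MAX_PLAUSIBLE_SPEED_KMH:
            return "block", (f"impossible travel: {dist_km:.0f} km from {last.city} "
                             f"to {event.city} in {hours:.1f} h on {event.device}")
    # Plausible travel but a location this user has never logged in from:
    # the zero trust answer's "new place, re-authenticate" rule.
    if event.city not in {e.city for e in history}:
        return "step_up_mfa", f"first login from {event.city}; require fresh MFA"
    return "allow", f"known location {event.city}"


def run(events: list[LoginEvent]) -> list[tuple[str, str, str, str, str]]:
    """Replay events in time order, building each user's baseline as it goes."""
    history: dict[str, list[LoginEvent]] = defaultdict(list)
    decisions = []
    for ev in sorted(events, key=lambda e: e.ts):
        decision, reason = evaluate(history[ev.user], ev)
        decisions.append((ev.user, ev.ts.strftime("%Y-%m-%d %H:%M"), ev.app, decision, reason))
        if decision != "block":   # a blocked login never becomes part of the baseline
            history[ev.user].append(ev)
    return decisions


def _utc(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


# Constructed sample data: two cities and a small login stream for the demo.
SF = ("San Francisco", 37.7749, -122.4194)
HK = ("Hong Kong", 22.3193, 114.1694)

SAMPLE_EVENTS = [
    LoginEvent("alice", _utc("2024-03-01 09:00"), *SF, "email", "corp-laptop"),
    LoginEvent("alice", _utc("2024-03-01 10:00"), *SF, "sharepoint", "corp-laptop"),
    # Next day, the executive is on a trip: a new place, reachable in 22 h.
    LoginEvent("alice", _utc("2024-03-02 08:00"), *HK, "email", "corp-laptop"),
    # One hour later the same account logs in from San Francisco again.
    LoginEvent("alice", _utc("2024-03-02 09:00"), *SF, "vpn", "unknown-windows"),
    LoginEvent("bob", _utc("2024-03-02 09:30"), *SF, "email", "corp-laptop"),
]

if __name__ == "__main__":
    for row in run(SAMPLE_EVENTS):
        print(*row, sep=" | ")
```

Replaying the sample stream gives `allow, allow, step_up_mfa, block, allow`: the Hong Kong login is a new location at a plausible speed and so gets the step-up challenge the zero trust answer describes, while the San Francisco login an hour later implies travel of roughly 11,000 km in one hour and is blocked outright. Keeping blocked logins out of the baseline matters; otherwise a single successful credential theft would teach the detector that the attacker's location is "known".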