Augmented Security Operations

There are, by some calculations, no fewer than 11 different types of tools in use today by the majority of corporations in their efforts to remain secure. On top of the now ubiquitous patch management processes, log management systems, security configuration management (SCM), and security information and event management (SIEM) software, many companies are now adding newer technologies such as vulnerability assessment tools, threat hunting tools, and user and entity behaviour analytics (UEBA). That is a sizeable maintenance fee right there, before we add in security orchestration and response (SOAR), to say nothing of machine learning (ML) and/or artificial intelligence (AI) tools. Unless you have managed to negotiate a pretty sizeable budget increase, your department probably does not have the capacity to keep up with that ever-changing landscape and still stay on top of day-to-day operations.

Augmented Security Operations, however, can remove that CEO/CFO objection by moving the spend from the capital balance sheet on to the operational one. Augmented Security Operations involves engaging a trusted security services provider to complement your existing security operations function. It does not mean abdicating your responsibility, and it does not mean losing control of your security function. What it does mean is accepting that, no matter how strong your current security perimeter and how capable your operations, 10 eyes are better than 2.

There are plenty of security services providers offering general advice and consultancy on security best practices and on BC/DR (Business Continuity/Disaster Recovery) planning. Augmented Security service providers offer value-added services beyond these: active threat hunting, cyber triage, and, if required, incident handling.

  • Active threat hunting involves finding gaps and/or advanced threats before they materialise. The publicly available MITRE ATT&CK framework, a knowledge base detailing hundreds of techniques used in cyberattacks, is a big help here. But unless you know how to make practical use of it, chances are you will miss the best of what it has to offer.
  • Cyber triage means separating the major threats from the lesser problems and from the inevitable white noise. This lets your team focus on the most significant issues requiring the most immediate attention.
  • In incident handling, speed equals money. Slow responses risk higher cost; speedy responses with wrong (or bad) choices, no less so. No one disputes that you know your business better than an outsider. But if you do not have the capacity or skills in-house, a trained incident handler can manage the response effectively and shorten the time to recovery.

Security staff are overrun with information today, with no time to sort through the multitude of concerns and threats that face them. Augmented Security Operations is a cost-effective option for creating scale within your security teams without the attendant costs.