SecOps Management: Challenges and Best Practices 2021
Security Operations (SecOps) has become an absolutely critical role in most organizations as cybersecurity threats are some of the most alarming challenges facing businesses in 2021 and beyond. On top of the security challenges, most organizations today are operating complex hybrid infrastructure, including public cloud resources. Unfortunately, hybrid cloud infrastructure leads to diluted network perimeters that make traditional defensive mechanisms less effective.
Effective SecOps requires teams to use many different technologies and new procedures. These include effective automation solutions to handle lower-level tasks. What other challenges are facing SecOps teams across the board? What role does the SecOps Manager play in ensuring effective and efficient security operations today?
The challenges facing security operations (SecOps)
Never before have there been more challenges facing security operations teams. So what are these challenges in 2021 and beyond?
- Skills shortages
- Blurred infrastructure lines
- Shift to remote work environments
- Sophisticated ransomware attacks
- Cloud Software-as-a-Service (SaaS) environments
- Lack of automation
Let’s consider each of these challenges facing SecOps teams and, by extension, SecOps Managers in 2021 and beyond and see how these affect security in the enterprise.
1. Skills shortage
There is no question that there is a tremendous skills shortage in the world of cybersecurity. While it represents excellent opportunities for those looking to enter the field, it also makes it hard for enterprises to fill the skills and knowledge positions needed to implement and carry out security operations effectively. So what specific skills are required? There are many. However, three technology pillars drive most of the skills needed.
- Endpoint security – Includes the skills needed to secure end-user devices such as laptops, mobile devices, workstations, and others.
- Data security – Data is the target of most attacks. Attackers look for ways to compromise, lock up, and steal sensitive and business-critical data.
- Network security – The network is the plumbing that keeps devices and resources connected, whether on-premises or in the cloud. Defending and securing business-critical networks is a foundational skill of SecOps professionals.
2. Blurred infrastructure lines
Most businesses today operate in environments with blurred infrastructure lines. No longer are business-critical environments defined by a perimeter firewall filtering traffic from the Internet into all critical assets existing on-premises. Instead, companies now have very complex and diverse hybrid environments spanning on-premises and public cloud environments.
End-users may now be distributed across many different networks and geographic locations on the Internet. This blurs the lines of where the organization’s boundaries begin and end, and the shift in infrastructure layout can be challenging from a security perspective. No longer are there defined boundaries with the perimeter firewall. Businesses must think about how both on-premises and cloud resources, as well as end-users, are protected.
3. Shift to remote work
The global pandemic beginning in early 2020 emphasizes just how quickly the landscape of infrastructure can change. As businesses shifted most employees to remote work configurations, the entire end-user computing landscape for many organizations changed completely. While there has always been the concept of remote work, most businesses were not fully prepared for the number of remote employees and having the majority working remotely instead of on-premises.
The lack of preparation certainly applies from a security perspective. For example, SecOps must rethink how endpoints and data are secured when end-users connect outside the sanctioned corporate network. In addition, SecOps and business leaders must uphold regulatory compliance standards as business-critical operations are carried out, with most working remotely.
4. Sophisticated ransomware attacks
Cybercriminals and gangs are carrying out sophisticated ransomware attacks on businesses. These are especially targeting businesses as the payout is becoming increasingly lucrative. For example, in the Colonial Pipeline ransomware attack, attackers made off with roughly $5 million.
According to Cybersecurity Ventures, ransomware attacks will claim a victim every 11 seconds in 2021, with a cost of $20 billion. Ransomware is not going away any time soon. Today’s SecOps teams and management must be prepared to wage war against this most ominous of cyberthreats.
5. Cloud Software-as-a-Service (SaaS) environments
We are certainly in the era of cloud Software-as-a-Service. Organizations see the tremendous benefits of offloading infrastructure management to hyper-scale public cloud vendors like Google and Microsoft. In addition, consuming business applications as-a-Service provides an easy consumption model that allows access to next-generation software and applications quickly and easily.
Even with the tremendous power and benefits of cloud SaaS environments like Google Workspace and Microsoft 365, cloud SaaS environments prove to be a security challenge for businesses. Securing data from ransomware, exfiltration, leakage, and other modern cybersecurity threats will be one of the significant challenges SecOps faces in 2021 onward.
6. Lack of automation
With most organizations maintaining hybrid infrastructure that spans on-premises and public cloud environments, the low-level security tasks needed to maintain adequate cybersecurity operations are too tedious and numerous to be handled by human beings. Effective SecOps must use automated solutions to keep up with the sheer number of events and log entries generated by most monitored systems on-premises and in the cloud.
One of the top issues reported by most SecOps teams is the high number of alerts and lack of security automation to triage and deal with those alerts. Therefore, implementing the right tools and solutions for security automation must be carried out, not only on-premises but also in the cloud.
SecOps Management – A key role in modern SecOps
A vital role in the modern SecOps team is the SecOps Manager. Whether titled SecOps Manager, Security Manager, or something else, this person plays an instrumental role in the overall success of the entire SecOps team. The SecOps Manager is the person responsible for managing the security team.
Outside of the CIO and CISO, the SecOps Manager is the person who shapes the entire vision of the cybersecurity strategy of the organization’s security structure. This includes recommending and overseeing the technology tools and stack used daily to detect and remediate threats.
The SecOps Manager is also the person who evaluates the team’s skills needs and hires new team members who help fill any lack of expertise in specific key cybersecurity posture areas. This activity is critical as there is currently a talent shortage in the world of cybersecurity professionals. In addition to drawing new talent, the Manager role helps create a team atmosphere that caters to mentoring, training, and growing the talent of existing team members.
Individuals who have progressed to the role of a SecOps Manager have demonstrated significant technical and security prowess that allows leading a security team successfully. However, it also implies particular managerial skills.
Organizations without a dedicated CISO role
If a company does not have a dedicated Chief Information Security Officer (CISO), there will likely be additional roles and responsibilities that fall under the purview of the SecOps Manager. What might these other higher-level tasks include?
In general, a CISO is the chief security protector assigned to protecting a company’s people, assets, infrastructure, and technology from threats. CISOs generally report directly to the board or the CEO and serve as a guide to navigating the treacherous waters of today’s cybersecurity risks.
The SecOps Manager may act as this guide to business leadership. Business leaders need to have this technical voice with the expertise to quantify security risks in terms of how they affect or could affect the business. A SecOps Manager filling this role would, of course, be more than just a hands-on engineer. While hands-on leadership is needed, this role generally requires one to be a technical and security visionary and give strategic guidance to business stakeholders.
One with automation implementation and leadership experience
Arguably, one of the invaluable technical skills SecOps Managers can bring to organizations today is security automation. As discussed earlier, the diverse workloads, hybrid infrastructure, public cloud resources, and increasingly remote employees make it next to impossible for security teams to protect environments using manual means successfully. Automation is essential.
One of the SecOps Manager responsibilities mentioned is recommending and overseeing the technology tools and stack used daily to detect and remediate threats. Additionally, taking a leadership role in implementing and managing automated security solutions is a must for SecOps Managers who want to implement a proactive cybersecurity posture.
Note the findings of a recent IDG Research Services survey:
“55% rank lack of automation as the #1 challenge in security operations and management, reflecting their inability to manually analyze and respond to the flood of notifications and events generated by today’s increasingly complex security infrastructure. The problem is exacerbated by factors including the disparate toolsets involved, outdated technology lacking the APIs to support automation, and the time and advanced skill sets required to implement automated processes.”
Also, in the same survey:
“Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges.”
The cybersecurity landscape is undoubtedly challenging. Therefore, SecOps Managers must evaluate, recommend, and implement the right cybersecurity automation solutions as part of the overall strategy to meet the current cybersecurity risks.
Next-generation cybersecurity automation tools for SecOps Managers
The world of cybersecurity products and solutions has exploded in the last few years, with numerous platforms vying for the attention of budget managers, including SecOps Managers. So what effective security solutions are SecOps Managers and cybersecurity professionals seeing benefits in protecting against current cybersecurity threats?
Organizations have been using security information and event management (SIEM) solutions for a while now. A SIEM aggregates, categorizes, and organizes information collected from multiple event sources. These solutions are now using next-generation machine learning (ML) algorithms to help with filtering through and analyzing data. However, even with a SIEM, organizations need more automation.
This has led to the evolution of security orchestration, automation, and response (SOAR) platforms. SOAR takes the capabilities of the traditional SIEM many steps further. It combines the data collected, analyzes the data, and then implements automated incident response workflows that automate and orchestrate actions to be taken without manual intervention. As a result, in many cases it saves tremendous time and effort in implementing effective remediation of cybersecurity events.
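The SIEM-to-SOAR flow described above, and the alert-volume problem from the "Lack of automation" section, as an added example that is not from the original article or any vendor's product. The event fields, signature names, playbook thresholds, and action names are all hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical sources.
RAW_EVENTS = [
    {"src": "edr", "ts": "2021-06-01T10:00:05", "user": "alice", "sig": "mass_file_rename", "sev": 8},
    {"src": "edr", "ts": "2021-06-01T10:00:07", "user": "alice", "sig": "mass_file_rename", "sev": 8},
    {"src": "saas", "ts": "2021-06-01T10:01:30", "user": "alice", "sig": "oauth_app_granted", "sev": 5},
    {"src": "fw", "ts": "2021-06-01T10:02:00", "user": "carol", "sig": "port_scan_inbound", "sev": 2},
    {"src": "saas", "ts": "2021-06-01T11:30:00", "user": "bob", "sig": "oauth_app_granted", "sev": 5},
]
WINDOW = timedelta(minutes=10)
# Hypothetical playbooks: (required signatures, minimum score, automated actions).
PLAYBOOKS = [
    ({"mass_file_rename", "oauth_app_granted"}, 12,
     ["revoke_app_access", "isolate_host", "notify_admin"]),
    ({"mass_file_rename"}, 8, ["isolate_host", "notify_admin"]),
]

def correlate(events):
    """SIEM step: group alerts per user into time-windowed incidents."""
    incidents, open_by_user = [], {}
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        inc = open_by_user.get(e["user"])
        if inc is None or ts - inc["start"] > WINDOW:
            inc = {"user": e["user"], "start": ts, "sigs": {}, "raw": 0}
            open_by_user[e["user"]] = inc
            incidents.append(inc)
        inc["raw"] += 1
        # Repeated alerts for the same signature collapse to one entry,
        # keeping the highest severity seen.
        inc["sigs"][e["sig"]] = max(e["sev"], inc["sigs"].get(e["sig"], 0))
    return incidents

def respond(incident):
    """SOAR step: the first matching playbook decides the automated actions."""
    score = sum(incident["sigs"].values())
    for required, min_score, actions in PLAYBOOKS:
        if required.issubset(incident["sigs"]) and score >= min_score:
            return actions
    # No playbook matched: only mid-severity incidents reach a human.
    return ["queue_for_analyst"] if score >= 5 else ["log_only"]

def triage(events):
    """Return (user, raw alert count, actions) per correlated incident."""
    return [(i["user"], i["raw"], respond(i)) for i in correlate(events)]

if __name__ == "__main__":
    for row in triage(RAW_EVENTS):
        print(row)
```

Five raw alerts become three incidents, and only one of them lands in the analyst queue.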
Many businesses are implementing SOAR-based solutions for effective automation and incident response in their environments. However, another critical area of concern is public cloud SaaS environments, such as Google Workspace and Microsoft 365. Public cloud vendors lack the native security automation tooling that provides effective automated responses to threats such as ransomware.
A great example of a next-generation platform making it simple for SecOps and SaaSOps teams to properly manage and protect SaaS data is Spin Technology’s SpinOne. SpinOne provides intelligent cybersecurity automation for Google Workspace and Microsoft 365. In addition, it allows organizations to implement automated responses, including:
- Automated cloud SaaS application risk assessment – in seconds, SpinOne can evaluate and perform risk assessments of third-party applications and browser plugins integrating with your cloud SaaS environment. It provides continuous and ongoing monitoring and risk assessment, and automated approvals. The same level of risk management may take hours performed by a SecOps professional.
- Automated Ransomware Protection – Spin provides industry-leading automated ransomware protection by proactively blocking ransomware affecting the environment, revoking network access, proactively restoring affected files, and automatic notification of administrators. These actions are entirely automated, compared to the highly manual approach afforded by native security tools provided by Google Workspace and Microsoft 365.
- Domain Policies – Using SpinOne domain policies, IT admins, SecOps, and SaaSOps professionals can implement effective granular policies to enforce security automation across different groups or organizational structures in the environment.
Spin’s automated cybersecurity response solution helps to reduce time and effort and keeps the staffing these tasks require low, so that cybersecurity talent can focus on other areas of concern for the business. In addition, it provides the single, unified cloud security management platform that most organizations are looking for.
Operating a successful SecOps team depends on having the right talent filling the role of SecOps Manager. Often, this person has to fill many positions, even acting as the CISO for organizations without this role in the organizational structure. As a result, the SecOps Manager must bring many skills to the table, including a strategic vision for cybersecurity operations to meet current and future cybersecurity threats.
Implementing effective cybersecurity automation solutions is vital for SecOps Managers today as sophistication and the sheer number of threats are growing exponentially. With hybrid infrastructure, blurred network boundaries, and more remote workers than ever before, automated cybersecurity workflows will be the lifeblood of effective cybersecurity.
SecOps Managers today are using solutions such as SIEM and SOAR for effectively crafting security automation workflows. Also, robust cloud SaaS solutions like SpinOne are helping organizations to easily implement cybersecurity automation in cloud SaaS environments like Google Workspace and Microsoft 365.