While security strategy covers a vast array of initiatives, there are strategic commonalities across any organization that can improve alignment to business strategy and reduce risk.
From getting a security sponsor on the senior management team to aligning with technical personnel on the IT team to improve hardening and then testing those components, there are many ways to decrease organizational risk.
In this video Chris Yule, SecureWorks Senior Principal Consultant, gives 5 tips on security strategy that can help organizations decrease risk associated with misalignment of business and IT initiatives and a lack of cultural awareness.
I would say there’s 5 things that you need to do for security strategy. You need to tie it to the business strategy, make sure you get business buy in and having a sponsor on the senior management team is always crucial to make sure that the whole organization really understands what you’re doing. You need to limit your attack surface, so harden things, reduce the exposure, all the typical stuff that IT security tends to be doing in terms of locking things down. Increasing visibility is a crucial one so that you’re not just trying to harden things but you’re also trying to tear things down, so you’re testing, your vulnerability scanning, you’re doing penetration tests, your monitoring your infrastructure for the bad stuff so that you’re not just relying on the hardening that you’re doing but you’re also testing it and monitoring for the bad stuff so when it happens you can find that. You need to build a culture of security in your employees, so make sure that everybody’s trained, everybody knows what their role is within the organization to keep things secure. And lastly you need to be prepared for when things go wrong. Incident response plan because everybody will get breached at some point regardless of what you do. So making sure you know what your role is, what the organizational responsibilities are and what the plan is to contain and eradicate that when it happens.
We generate around 2 billion events each month. With Secureworks, we are able to crunch down that number to 20-30 high fidelity alerts — and that makes my team's job much easier.
Sunil Saale, Head of Cyber and Information Security, Minter Ellison
Red Cloak™ Threat Detection and Response isn’t just the next generation of SIEM, it’s an evolution.
David Levine, CISO, Ricoh Group
The old approaches to cybersecurity are no longer adequate. It’s time for something new. Layered defenses can create almost as many problems as they solve, and security teams struggle to keep up with the threat. What you need is context across all your layers of defense with the right people, processes, and technology working together in concert. That’s how Secureworks can help. Using 20+ years of industry knowledge, advanced analytics, industry-leading threat intelligence, and the network effect of more than 4,000 customer environments, we provide world-class cybersecurity solutions to customers around the globe. This unmatched experience empowers our customers to be Collectively Smarter. Exponentially Safer.™
Our Managed Detection and Response (MDR) solution is comprehensive, powered by our cloud-native software Red Cloak™ Threat Detection and Response that uses AI and machine learning to deliver better outcomes for your security operations. MDR unifies telemetry from your existing security technology to maximize visibility, reduce complexity, and enable you to move at the speed of the threat. Learn more about how Managed Detection and Response uses contextualized visibility to improve your organization’s security posture.