A Paradigm Shift in Cybersecurity: Building a Data Security Lake
Over time, cybersecurity has undergone significant changes due to evolving threats and the introduction of more sophisticated tools. This reality was discussed in episode #158 of the CISO Tradecraft podcast. The conversation focused on how the adoption of advanced technologies, such as the development of a data security lake, can hugely impact cybersecurity leadership.
## The Discussion: Building a Data Security Lake
The featured guest of the episode, Noam Brosh, walked us through the details of this critical subject. He is currently the Chief Information Security Officer at Hunters, a cybersecurity company that provides threat hunting capabilities.
G Mark Hardy, the host, underscored the importance of having a SOC, pointing out that most organizations have a myriad of tools to collect data. This includes EDR for endpoint analysis, WAF for application analysis, IDS for network traffic analysis, data loss prevention systems for data tracking, and identity and access management systems for user behavior analysis.
However, he highlighted that these tools, though incredibly useful, tend to focus individually on one asset class of technology. Their main drawback is that they lack a holistic view that combines and represents everything; this is where Security Information and Event Management (SIEM) tools come in. A SIEM provides an opportunity to combine logs from multiple technologies and paint the whole cybersecurity story.
## Limitations of Traditional SIEM Tools
According to Brosh, while traditional SIEM tools provide focused alerts and notifications and improve security visibility, they are complex to integrate and require a significant amount of training to handle effectively. Furthermore, the colossal amount of data can become a problem, impacting performance and raising costs. To make SIEMs more effective and cost-efficient, Brosh recommends focusing on the necessary data and logs while eliminating unimportant ones, the noise that otherwise surfaces as false positives.
## Enhanced SOC and SIEM Tools
As Noam Brosh explained, the future of cybersecurity hinges on next-generation SOC platforms and modern SIEM tools. These new tools offer automation for log ingestion, detection, and investigation, address multiple security operation use cases, and significantly cut deployment time by offering out-of-the-box features. Importantly, these tools do not require deep expertise, making them more user-friendly than their predecessors.
One essential aspect of these modern tools is their focus on handling third-party connection tools, essentially APIs. This allows them to run unattended and pull data automatically and securely from multiple sources, making them even more indispensable in modern cybersecurity measures.
## Outsourcing SOC Services and Handling Metrics
Another crucial development in the SOC tools space is the option to outsource SOC services and staffing to experts such as Hunters' Team Axon, especially when resources are limited or when encountering a talent shortage.
In closing, it's essential to remember that the role of CISOs remains profoundly important and dynamic, especially with the significant changes experienced in cybersecurity in recent times. The shift to a more holistic and efficient approach to building a data security lake with modern SOC and SIEM tools is a testament to the unrelenting progress in this vital field.
To hear the full discussion, please check out our YouTube link: