Security operations has always been a process of evolution. New attack surfaces crop up and bad actors find ways to exploit them. The security operations team spots something amiss in its environment, contains the incident, works out how it happened, and adapts its defenses to keep it from happening again. It’s a never-ending cycle. Trying to anticipate the next attack and stop it before it happens is what keeps security practitioners up at night.
With the pandemic of 2020, a lot of companies have shifted to a largely remote workforce to keep their operations moving. In many cases that’s included their security operations teams, moving them from a dedicated Security Operations Center (SOC) to working from home. And we mean home in the literal sense, as no one is working remotely from coffee shops and cafes in this global pandemic. While there are some benefits to this new normal, many teams are having to adapt to life without their bank of status monitors and the ability to look over each other’s shoulders as incidents unfold.
The shift to a remote workforce has also changed how security operations teams are seeing the world. Most organizations have some employees that work mostly outside the office, but now the majority of an organization’s employees are working from home over VPN, remote desktops, or SaaS applications. That’s forced the SOC to shift focus to recognize when something’s happening outside their usual environment, without losing sight of what’s happening close to home. After all, the surface has changed but the old threats haven’t magically gone away.
Adapt, Adapt, Adapt
This work from home model probably won’t change dramatically once the pandemic subsides. For organizations that can support a remote workforce, this will become the new normal. Users will have to adapt. The SOC will have to adapt. Sadly, the bad guys are already adapting.
We’ve already seen an increase in attacks that target remote access through unpatched vulnerabilities in remote-access infrastructure, drive-by web exploits, and phishing emails aimed at users. It doesn’t matter whether the bad guys drop malware or walk in with stolen credentials, the security operations team will have to deal with the resulting intrusion.
Not so fun fact: we’ve received a couple of targeted business email compromise (BEC) attempts already this week.
There is training available that teaches users to recognize BEC and phishing attempts so they don’t become victims. User education is actually a great start. Make users a part of the solution instead of an expanded attack surface. Give them, and the security operations team, the knowledge they need to avoid becoming part of the problem. But user education is not enough.
Something else that helps considerably is advanced security analytics. By using AI and machine learning, analytics can present the security operations team with risk-prioritized alerts so they can focus on the most important events efficiently and effectively. Even without the big screens that are the hallmark of most SOCs, they can get everything they need in a single location and use it to halt an attack before it grows from an account compromise into a major data breach.
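To make the idea of risk-prioritized alerting concrete, here is an added Python example (not code from this page, the webinar, or any vendor product) that stands in for the analytics described above with a handful of hand-written heuristics rather than a trained model. It runs over constructed VPN login events, scores each successful login for the remote-access warning signs mentioned earlier (a login from a country the user has never used, a success right after a burst of failures, off-hours activity, and a second country too soon after the last one), and returns the alerts ranked by score. The weights, thresholds, working-hours window and per-user baseline are all assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN authentication events (not real logs).
# Fields: UTC timestamp, username, source country, result.
EVENTS = [
    ("2020-04-06T08:02:00", "alice", "US", "success"),
    ("2020-04-06T08:15:00", "bob",   "US", "success"),
    ("2020-04-06T09:40:00", "alice", "US", "success"),
    ("2020-04-06T10:05:00", "carol", "DE", "success"),
    ("2020-04-06T10:30:00", "carol", "BR", "success"),   # 25 minutes after the DE login
    ("2020-04-06T23:10:00", "bob",   "RU", "failure"),
    ("2020-04-06T23:11:00", "bob",   "RU", "failure"),
    ("2020-04-06T23:12:00", "bob",   "RU", "failure"),
    ("2020-04-06T23:13:00", "bob",   "RU", "success"),   # success right after three failures
]

# Constructed per-user baseline: the countries each user normally connects from.
BASELINE = {"alice": {"US"}, "bob": {"US"}, "carol": {"DE"}}

# Assumed weights. A real analytics platform would learn these; they are hard-coded here.
WEIGHTS = {
    "impossible_travel": 50,  # second country too soon after the previous success
    "new_country": 40,        # source country not in the user's baseline
    "brute_force": 30,        # success right after a burst of failures
    "off_hours": 15,          # outside the assumed 07:00-19:00 UTC working window
}


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def prioritize(events, baseline, fail_window=timedelta(minutes=10),
               fail_threshold=3, travel_window=timedelta(hours=2)):
    """Score every successful login and return the alerts sorted by descending risk."""
    events = sorted(events, key=lambda e: e[0])   # ISO timestamps sort correctly as strings
    failures = defaultdict(list)   # (user, country) -> timestamps of failed logins
    last_success = {}              # user -> (timestamp, country) of the last success
    alerts = []
    for ts, user, country, result in events:
        t = parse_ts(ts)
        if result != "success":
            failures[(user, country)].append(t)
            continue
        reasons = []
        if country not in baseline.get(user, set()):
            reasons.append("new_country")
        if not 7 <= t.hour < 19:
            reasons.append("off_hours")
        recent_failures = [f for f in failures[(user, country)] if t - f <= fail_window]
        if len(recent_failures) >= fail_threshold:
            reasons.append("brute_force")
        prev = last_success.get(user)
        if prev and prev[1] != country and t - prev[0] <= travel_window:
            reasons.append("impossible_travel")
        last_success[user] = (t, country)
        score = sum(WEIGHTS[r] for r in reasons)
        if score:   # logins that trip no heuristic never become alerts
            alerts.append({"time": ts, "user": user, "country": country,
                           "score": score, "reasons": reasons})
    alerts.sort(key=lambda a: a["score"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in prioritize(EVENTS, BASELINE):
        print(f"{alert['score']:3d}  {alert['time']}  {alert['user']:<6} "
              f"{alert['country']}  {', '.join(alert['reasons'])}")
```

On the constructed data, carol's Brazil login ranks first (new country plus impossible travel, 90) and bob's late-night Russian login second (new country, off hours and a preceding burst of failures, 85); the routine US and German logins produce no alert at all, which is the point: the analyst sees two items, not nine. Note that the brute-force check is keyed on user and country only because the sample events carry no source IP; a production detector would key on the source address and would also need to fold in the baseline learning and scoring that the page attributes to AI-based analytics.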
Watch the Webinar
Would you like to learn more about how AI-based advanced analytics serves as a force multiplier for managing security operations with a remote workforce? Watch our webinar replay where we discuss how advanced analytics empowers the security operations team. It lets them stay in control, even in the face of a brand new “normal.”