Buzzword time, as 2015 seems to be finding new terms for things InfoSec people have been doing for years. One of these is ‘Orchestration’, which covers the processes and procedures performed by your organisation upon declaring a security incident.
Leaving aside the many new buzzwords that have led up to an incident being declared, Orchestration is important as it ensures that the correct and appropriate resources are immediately available. Orchestration is that buzzword that stops something minor from being something major – and that can only ever be a good thing.
So how do you get into a position where you are rapidly getting enough trusted information to perform Orchestration?
So that’s the second 2015 hot security buzzword in this article. Analytics is the rehashed term for ‘Threat Intelligence’, which is what we’ve all been doing for years. What is changing is that Threat Intelligence is moving from being a single product to being the output of crunching and analysing ‘big data’ – expanding and bolstering the output of a SIEM product with generic reporting engines.
If you host services across any network, then you really must have Protective Monitoring in place and it must be feeding your Enterprise Security Management (ESM) product. You could also mirror some of the data into a reporting engine such as Splunk®.
Splunk themselves have jumped on the buzzword bingo and their products are actively marketed as ‘Operational Intelligence’. Although this is close to ‘Threat Intelligence’, it is important to note that these are not the same thing. Splunk can be a valuable tool if it is being used correctly to bolster security monitoring, but it will never replace SIEM or ESM solutions.
All of this number crunching will only turn into Threat Intelligence when combined with the skills and experiences of Information Security experts from multiple domains. Your SecOps team needs the resources to call upon Tech Ops, Dev Ops, Infrastructure Engineers, Solution Architects, Tech Architects and the support of your business. Orchestration is just as important in the creation of the Threat Intelligence and the interpretation of the analysis – and maybe your SecOps team might need to be that little bit larger if you want to keep your service online for those 5 nines you promised the board.