What will be the top 5 areas for cyber security focus in 2021?

As the curtain closes on 2020 and attention turns to 2021, we look back at what enterprises did in the previous year to support the rise of the teleworker, the unfaltering desire to move more and more into the cloud, and the never-ending threat from cyber crooks that keeps business leaders and cyber professionals alike tossing and turning at night.

1- Securing remote and dynamic workforce - identity assurance and XDR

Before COVID-19, and driven by digitalisation, organisations were already working with geographically distributed teams; with COVID-19, many are now looking to keep their workforces remote even beyond the crisis. As workforces become more distributed and remote, and the threat landscape widens and grows more complex, the traditional approach to security has to be reimagined.

Protection combined with a proactive approach to threat detection and response delivers visibility into data across networks, clouds and endpoints, while applying analytics and automation to address today’s increasingly sophisticated threats. Enter eXtended Detection and Response (XDR) and Zero Trust Network Access (ZTNA), building on the noticeable acceleration in SaaS-based Identity and Access Management (IAM) and Identity Governance and Administration (IGA) seen in 2019-2020.


2- Ransomware protection and cyber hygiene

According to ENISA, an estimated €10.1B was paid in ransoms between April 2019 and April 2020, €3.3B more than in 2018. This makes ransomware the second most common and the costliest type of extreme cyber event, according to the IRIS2020 report. The sophistication of threat capabilities increased in 2020, with many attackers using exploits, credential theft and multi-stage attacks. Given the high yield for attackers and the number of organisations struggling with cyber hygiene, we expect ransomware to increase.

Significant progress has been achieved by organisations such as Europol and over 150 partners with the ‘No More Ransom’ project. The portal has added more than 30 tools and can now decrypt 140 different types of ransomware infection. The Lockheed Martin Cyber Kill Chain framework can be used to map each step of such an attack to the controls that organisations can implement.

3- Cloud Posture - CSPM, CWP (host, container, serverless), and microsegmentation

A successful move to the cloud is much more than just moving data. It is an opportunity to transform the way organisations work, how they interact with data, how they interact with each other, and how they enable their teams to work with the best possible tools. Welcome to the world of “workload-based architecture” and hybrid multi-cloud environments.

Unfortunately, nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. Security leaders are expected to increase investment in cloud security posture management (CSPM) processes and tools, as well as in monitoring and protecting cloud workloads (Cloud Workload Protection, CWP), to proactively identify and remediate these risks.
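To make the CSPM idea concrete, here is an added example (not Iris Networks' tooling) of the kind of posture rules such a tool evaluates, run over a constructed inventory covering the four components named later on this page: Compute, Networks, Identity and Storage. The resource names, field names and rule wording are hypothetical; a real CSPM product would pull the inventory from the cloud provider's APIs.

```python
from typing import Callable, Dict, List, Tuple

# Constructed sample inventory (not real account data), grouped by the
# four cloud components this page names: Compute, Networks, Identity, Storage.
INVENTORY: Dict[str, List[dict]] = {
    "storage": [
        {"name": "invoices-archive", "public_access": False, "encrypted": True},
        {"name": "marketing-assets", "public_access": True, "encrypted": False},
    ],
    "network": [
        {"name": "web-sg", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "admin-sg", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
    ],
    "identity": [
        {"name": "ci-deployer", "admin": True, "mfa_enabled": False},
    ],
    "compute": [
        {"name": "app-01", "public_ip": True, "imds_v2_required": False},
    ],
}

MGMT_PORTS = {22, 3389}  # SSH and RDP must never be world-reachable

def check_storage(r: dict) -> List[str]:
    """Buckets must not be publicly readable and must encrypt at rest."""
    issues = []
    if r["public_access"]:
        issues.append("public access enabled")
    if not r["encrypted"]:
        issues.append("encryption at rest disabled")
    return issues

def check_network(r: dict) -> List[str]:
    """Flag management ports exposed to the whole internet (443 is fine)."""
    return [f"port {i['port']} open to {i['cidr']}" for i in r["ingress"]
            if i["port"] in MGMT_PORTS and i["cidr"] == "0.0.0.0/0"]

def check_identity(r: dict) -> List[str]:
    """Privileged principals must have MFA enforced."""
    return ["admin principal without MFA"] if r["admin"] and not r["mfa_enabled"] else []

def check_compute(r: dict) -> List[str]:
    """Internet-facing instances must require IMDSv2 (token-based metadata)."""
    return (["public instance without IMDSv2 enforced"]
            if r["public_ip"] and not r["imds_v2_required"] else [])

RULES: Dict[str, Callable[[dict], List[str]]] = {
    "storage": check_storage, "network": check_network,
    "identity": check_identity, "compute": check_compute,
}

def evaluate(inventory: Dict[str, List[dict]]) -> List[Tuple[str, str, str]]:
    """Apply each component's rule to its resources; return (component, name, issue)."""
    return [(comp, res["name"], issue) for comp, resources in inventory.items()
            for res in resources for issue in RULES[comp](res)]
```

Running `evaluate(INVENTORY)` yields five findings across the four components and none for the correctly configured bucket or the HTTPS-only security group; a continuous CSPM service re-runs rules like these as the inventory changes.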

4- Visibility and monitoring – adopt the triad model but bring in DevOps and AppSec

The Security Operations Centre (SOC) Visibility Triad is a network-centric approach to threat detection and response, as described by Gartner in 2015 and 2019. The SOC Visibility Triad model leverages data from three core pillars:

  1. Logs/user and entity behaviour through SIEM complemented by UEBA and SOAR
  2. Network traffic through network detection and response (NDR)
  3. Endpoint detection and response (EDR).

Although this is still valid in 2020, modern security operations will continue to demand the integration of applications and modern development practices such as DevOps, from the first line of written code through to production. Aligning the Contrast platform with the modern enterprise security architecture and the SOC provides deeper visibility and enhances the security posture of the digital landscape, while benefiting from efficiently secured software at DevOps speed and providing intelligent, real-time, actionable responses to block and mitigate application threats.

Security must shift left. Security leaders will need to completely reimagine how SOCs are built and managed, making them intelligent enough to keep pace with digitalisation, with a new level of rigour, adaptive and agile processes, and collaboration across the organisation.


5- Data access governance (DAG)

As more and more organisations make their journey to the cloud, they face regulatory challenges and the question of what to do with an increasing amount of sensitive data in unstructured formats, often found in storage that is far less secure, such as file shares, collaboration portals (such as SharePoint), cloud storage systems (such as OneDrive or Box), or email.

Although cloud-native DLP and CASB DLP both act on data at rest, organisations are confronted with running multiple disjointed governance solutions, exposing themselves to security risks that often stem from duplicated and inconsistent policies, access requests and certifications in this new world of work-from-anywhere, IoT, cloud and GDPR.

DAG is attracting more interest as a solution that works on the same basis as DLP but, instead of quarantining, encrypting or deleting data, provides large amounts of information about data structures, access and use, as well as sensitivity and therefore some idea of risk, which in turn supports Data Security Governance.

Special mention: IoT and IoMT for manufacturing and healthcare

June 2020 research by Help Net Security, based on anonymised data from more than five million unmanaged IoT and IoMT deployments across a variety of verticals including healthcare, life sciences, retail and manufacturing, found a staggering number of vulnerabilities and risks concerning connected devices.

There are real risks and threats posed by IoT, IoMT and other connected devices if they are not accounted for and properly managed. As many analysts predict, there is no sign of IoT adoption slowing, so security needs to be prioritised.

Organisations need to refocus on this growing attack surface of unmanaged and IoT devices, with better uptake of solutions that discover every managed, unmanaged and IoT device on and off their network, analyse device behaviour to identify risks or attacks, and protect critical business information and systems.

Iris Networks Cloud & Security offers four distinct Managed Security Services to support our customers:

  1. One-off Cloud Security Posture Assessment Service

This one-off cloud security assessment helps organisations reduce their risk and improves the visibility of their data life cycle in an era where cyber threats are complex and multi-faceted.

In this model, we provide a one-time assessment service from our SaaS environment or, for highly regulated customers, an on-demand offering.

Carrying out a cloud security assessment is a practical and strategic exercise to improve your cloud security health.

  2. Managed Cloud Monitoring

This service provides organisations with continuous security monitoring, compliance adherence and custom policy building effectiveness, across multiple major cloud platforms.

As businesses everywhere move onto the cloud, they face new security challenges. There are thousands of configurations in the cloud, and the number grows rapidly as you start leveraging more and more services from Cloud Service Providers, and more so when you have a multi-cloud posture. It then becomes humanly impossible to keep up with and understand the nuances of the configurations involved in some of the key components in the cloud, mainly centred around Compute, Networks, Identity and Storage.

Using our industry-leading cloud-native platform, our Mission Control team gives you assurance that continuous monitoring, compliance adherence and custom policy building are effective, while detecting cloud vulnerabilities and attacks as they occur across multiple major cloud platforms. Our team works directly with you as an extension of your own, bringing their cloud security expertise to bear to guide implementation, risk surface identification and ongoing cloud monitoring, enhancing the security posture of your cloud strategy.

  3. Managed SIEM

This service goes beyond Managed Security Services and is tailored for organisations not comfortable off-loading their data to a provider, while maintaining full transparency by working with our Mission Control.

It covers a blended group of security operations specialists running, managing and perfecting your tools, while you retain total ownership.

This service enables your security analysts to prioritise alerts and respond to the most suspicious threat behaviour faster, ensuring that threats do not go unnoticed and linger in your environment.

  4. Managed Detection & Response (MDR)

MDR is for organisations struggling to detect and respond to modern cyber threats efficiently across all environments: IT, OT and cloud. MDR, a cost-effective alternative to building an in-house SOC, delivers real-time monitoring, detection and response using a holistic, turnkey approach.

We provide 24×7 coverage, extensive security expertise and a well-staffed security team, ensuring that threats do not go unnoticed. We eliminate alert fatigue and false positives to promote faster response, with detection and response capabilities tailored to your specific needs. Our Mission Control team works directly with you as an extension of your own to perform threat hunting, incident response and guided remediation, while also providing strategic recommendations tailored to the unique needs of your environment.

For more information, or to book a no-obligation solution overview, contact the team on:

Tel: 01925 357 770

Email: [email protected]

Iris Networks Cloud & Security

What are successful organisations doing to beat today’s sophisticated cyber threats?

Security Information and Event Management (SIEM) has been at the centre of the security operations centre for over a decade now. SIEMs are intended to log as much data as possible in order to assist with incident detection, response and investigation. One challenge is that it can be prohibitive, from a cost or storage perspective, to log everything. This is particularly true for the logs on all of the endpoints in an environment.

Modern IT and OT networks push massive amounts of data through their ecosystems every day, generating thousands of alerts and leaving too few security operations analysts to address them. Valuable time is wasted searching for the missing context needed to determine what is a real threat and how urgent it is, and too much time is lost to overwhelming numbers of false positives. Unfortunately, this has been the golden goose for countless MSSPs. With attackers aware of these limitations of SIEM tools (both technological and economic), the best way to evade SIEM-based detection is to use tactics that are unlikely to be logged at all. SIEM solutions do a fantastic job of aggregating logs, but need more context to make sense of the data.

Over the last five years, the industry began shifting from log aggregation and rule-based event monitoring to security analytics and user and entity behaviour analytics (UEBA). Unfortunately, attackers are growing more confident and focus more and more on avoiding detection by well-known security analytics use cases, as in the recent Solorigate supply chain attack, where they took steps to avoid being detected through IP geolocation anomalies or through Command & Control detections based on typical beaconing behaviour. In short, experienced attackers are paying attention to what the best blue teams (e.g., FireEye) are doing and tweaking their methods to avoid detection.

SIEM tools are good but remain low on the detection maturity scale. Security analytics methods are a powerful, and sometimes the only, way to detect advanced attacks. Organisations adopting SIEM and security analytics-based use cases across the many tactics of the MITRE ATT&CK framework have a higher chance of detection; however, monitoring remains an arduous task. Enter threat hunting, a proactive technique that combines security tools, analytics and threat intelligence with human analysis and instinct, and that depends on the quality of the data, not the quantity.

SIEM, security analytics, UEBA, security use cases and threat hunting are capabilities that have provided a new map for addressing the execution and critical resourcing issues that have troubled the industry. To complement these, security automation technology such as Security Orchestration, Automation and Response (SOAR), driven by artificial intelligence, offers streamlined security operations in three key areas: threat and vulnerability management, incident response, and security operations automation.

The rapid rise of cyber threats is outpacing many organisations’ ability to combat them. At Iris Networks, we believe that a winning approach requires rapid detection that provides greater contextual relevance to the business and is built on a dynamic understanding of an ever-changing threat landscape. This means a different, AI-driven capability combining SIEM, security analytics, UBA, security use cases, threat hunting and security automation to provide a new map for addressing the execution and resourcing issues that have troubled the industry.
