“And then there is incident response, which is about investing in a plan and a team that can help you recover when a security incident happens,” he added. “This can be a team from your MSSP or from your own team and Trusted Advisor who are taking a step above monitoring and are trying to define how to better protect the organization.” This initiative often includes Artificial Intelligence or Machine Learning, leveraging Big Data to help identify potential threats in key areas, and to determine what the response should look like in the event of an attack.

While falling short of actually fighting back, “Adaptive” security takes proactive security to the next level with a stronger focus on how to deliver the best possible outcome for the organization. Some of the things that fall into that category would be threat hunting, in which the organization engages an expert who specializes in security issues around your particular industry. That person does a comprehensive search for any evidence that the client organization is suffering from any of these specific breaches or attacks.

“This is about proactively using a tactical team to go look for what might impact your organization,” explained Hayman. “You can do that across your network, including the endpoints. Then there’s security orchestration, which is the automation of tasks that otherwise would need to be done by a security team or even an IT infrastructure team. Next, add behavioral analytics to allow you to understand what’s happening with your users and whether they are doing anything that is outside the typical thing that they would be doing on Friday at 2 am, for example. If it sees a behavior that it believes is out of the norm, it blocks or restricts access to it.”

In evaluating these positions, it’s important to understand the company’s relative maturity with respect to security, and the types of assets that most notably need to be secured.
Oftentimes, compliance requirements factor into this equation, as well. The cost of moving from one level to the next can be highly variable and dependent upon the number of users, number of locations, specific technologies, whether the capabilities are cloud-based or data center-based, as well as a number of other factors.

Most enterprises categorically fall into what we call the “proactive” phase of security; that is, they’ve implemented resources like intrusion detection, penetration testing, and a formal incident response plan. However, most have yet to achieve the “adaptive” phase of security, where they’re introducing proactive threat hunting, monitoring the dark web, and implementing end user/entity behavior analytics to identify abnormalities. Reaching this phase is pivotal to achieving security resiliency in a disruptive climate.

Copyright © 2020 AVANT Communications, Inc.
Managed Security Trends and Insights