It’s annual planning season. The security landscape is evolving and your 2022 roadmap has to keep up to reduce your risk. Managing a portfolio of cybersecurity solutions is no easy task. It requires the right balance between too much and not enough; get it wrong and analysts end up weighed down by tool sprawl while still being overwhelmed by all that's on their plate.
Security teams should always be looking at ways to streamline operations so they don't find themselves vulnerable in this constantly changing threat environment. The need is even greater today as hybrid working, where employees alternate between being remote and in the office, has become the new normal. A good security posture is your first line of defense against cyber-attacks and should always be considered a strategic goal.
Here are five quick tips to help improve your risk reduction efforts and maximize your return on investment (ROI) in the coming year.
Leverage no-code automation
Want more time to threat hunt, build alerts, and make sure your systems are up to date, collecting the right information, and actually relevant in today's environment? Advanced, no-code automation is the single most critical element in cybersecurity today. There are tonnes of alerts that are too noisy and difficult to investigate, so a bit of fine-tuning here via Tines really helps. Unsure where to start with automation? Check out this post.
Integrating Tines with our existing technology was incredibly easy, and the super-responsive support we receive has made the ride even smoother.
Tristan Waldear, Security Automation Manager, Box
Read more about how Box uses Tines here.
Retool with best-of-breed
No one tool can solve all of your problems. In the past, it was all about multipurpose platforms; nowadays, it’s all about curating a best-of-breed stack to ensure the right people can access the right information at the right time. Some tools must always be present; others can be added as needed.
Like threats, security solutions are constantly evolving to enable organizations to better protect data, detect malicious activity, respond to attacks, and recover from them quickly to minimize the impact. Retire tools that were once useful but have become obsolete.
Whatever tools you choose, evaluate them in your own environment and make sure that they can all communicate with each other. Your security tools need to be highly capable, customizable, and fully integrable to handle complex, challenging, and increasingly high volumes of incidents. Time to value is another important consideration.
Tines is much easier and faster to integrate with external APIs. The other platform didn’t offer a lot of flexibility, especially if there wasn’t a pre-built plugin for the API we wanted to use. Tines lets us query APIs directly, saving a lot of development time, and allowing us to be much more flexible.
Brandon Maxwell, Security Engineer, Auth0
Read more about how Auth0 uses Tines here.
Invest in training
Your security posture is not only about the software you use. Your security team must also be properly trained to understand the standard protocol and make the decisions that are necessary to optimize your SOAR capabilities. Training employees to be cognizant of your environment can take time but, like automation, it’s a very worthwhile investment. No-code solutions typically remove barriers and speed up ROI, particularly for junior and newer analysts, and non-developers.
Tines requires a slightly different mindset because the tool is unique and there is nothing else quite like it. For somebody that's experienced with programming, they have the ability to be very customizable and free form and build something the way they want. For anyone else not used to programming or the platform, the prebuilt templates have made their lives a lot easier and allow them to actively build something that benefits the team in a very short period.
Matthew Petroske, Senior Incident Response Engineer, OneLogin
Read more about how OneLogin uses Tines here.
Prioritize alerts
The problem with the increased threat of cybercrime is that there isn't a single organization on the planet that has enough resources to protect itself against every possible type of attack. It’s simply too complicated, too expensive, and too time-consuming. Performing risk assessments to figure out which alerts matter most to your organization today, and adopting a business-driven approach to your security, will ensure your analysts can respond to the right incidents, at the right time, in the right way. Context is absolutely critical. Seek out security tools that make it easy for analysts to immediately see which alerts are the highest priority, so they can better protect what matters most!
A major challenge in security is ensuring that you don’t bury yourself under alerts; it’s critical to filter false positives out before humans get involved. Having a tool like Tines helps us to be ready to onboard the next alert by empowering us to filter false positives, freeing up our time for more valuable tasks.
Mike Fountandez, Senior Security Engineer, Canva
Read more about how Canva uses Tines here.
Run drills
A zero-trust model with multi-factor authentication (MFA) and least privilege access can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. Running cyber drills at least twice a year will help you gain valuable insights into how your security team will fare against an attack and will ensure cybersecurity is ingrained in your organization’s culture. They’re also a good catalyst to update your cyber response playbook, so you know what steps to take and who to involve in the event of a breach.
Thanks to Tines, the first time an analyst looks at the case, they already have all the information they need to decide what action to take. This workflow saves around 50% of an analyst’s time working on each case. But it’s not just about time. Through using Tines, we eliminate the human error that can creep into manual processes, giving us valuable consistency to our security testing.
Tom Sage, Senior Security Engineer, Sophos
Read more about how Sophos uses Tines here.
Conclusion
Cybersecurity is a challenge that never ends. It's an issue of the utmost importance, especially in today’s fast-paced world where regulatory changes and increasing cyber threats mean it’s not a matter of whether you get attacked, but when.
Organizations plan to allocate a greater portion of their overall budgets to cybersecurity in the coming year, according to a recent report by Gartner, but it’s critical that security teams are empowered to reassess and retool so they can move from being reactive to proactive.