Security has such a large number of subtopics that it’s sometimes difficult to define what the field looks like as a whole. It means something vastly different to a Security Engineer, a CISO, and a Developer. Realistically, at most companies, Security is the prevention of leaking customer data or exposing secrets. Usually this manifests as “let’s make sure only the logged-in user can view this information” or “make sure the password is stored securely.” These are important, but they don’t cover enough. Read more “Security by Design or by Accident”
While reacting to alerts and incidents after they occur will always be a reality of the security professional’s job, a purely reactive security approach is simply not effective now that today’s technical infrastructures, and the cyber ecosystem itself, have become so complex. With organizations adopting new technologies — spreading sensitive data across different cloud servers, service providers, containers, and even various SaaS platforms — it’s essential that they begin to take a more proactive approach to security.
This means putting in place repeatable processes and automating as much of your infrastructure as possible, leaving behind time-consuming, inefficient, and costly ad hoc tactics. It also means integrating Security with Development and Operations from the outset, and prioritizing communication between teams to attain positive business outcomes.
Failing to establish a proactive security posture runs the risk of your organization becoming a statistic, as you’ll see below. Here are five figures that may provide you with just the motivation you need to get started. Read more “5 Statistics That Prove Why Your Security Posture Can’t Be Purely Reactive”
Mean Time To Detect (MTTD) and Mean Time To Know (MTTK) are two of the most important metrics in security operations. Respectively, they measure the following:
- MTTD: How quickly you can identify something and generate an alert. It determines how fast you’re notified when something suspicious happens anywhere in your cloud or on-premises environment. Today, most security tools keep MTTD low, so you probably receive alerts pretty quickly.
- MTTK: How fast you can sort signal from noise when you get an alert. It measures how efficient the security team is at detecting real threats and understanding what those threats are. The shorter MTTK is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization.
You can probably see why MTTK is a lot harder to make an impact on. It’s like seeing how fast you can find a needle in a haystack. Difficult, to say the least!
To begin, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.
This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response). It also helps you to optimize your existing resources, empowering them to actually focus on MTTK and get it under control.
In this post, therefore, we’ll take a closer look at how the Threat Stack Cloud Security Platform® can help you integrate security into your operations from the start so you can optimize alert handling and significantly reduce your MTTK. Read more “How to Use Threat Stack to Reduce Mean Time To Know”