Ryan Couch

In a couple recent blog posts, we have been focusing on the reasons why organizations are finding it more difficult than ever to justify building a SOC, or, a Security Operations Center, in-house.  Though the alternative of using an MSSP (Managed Security Service Provider) can be a frustrating experience, there are very few organizations that can defend building a SOC in-house.

To help bridge the gap between these two solutions, and to provide a good alternative to an in-house SOC, we wanted to build an operation that is different from other MSSP offerings and effectively do away with all of the negative connotations that come with the territory. That solution is CYDERES, our 24/7 human-led and machine-driven security-as-a-service.

We understand a lot of organizations have invested a lot into building their own SOC, but that there can be many issues that arise as they try to keep up with day-to-day operations for their security teams, while also continuing to lead and focus on the core aspects of their businesses. With CYDERES we can help reduce the headache of any organization looking to start transitioning to fully-managed security.

We previously looked at some of the cost factors that make building an in-house SOC difficult. Today, we’re going to look at another challenge that can present itself when building a SOC in-house, and how CYDERES can be an effective alternative. In this post, we will be looking at why talent is a huge factor as to why organizations struggle to build a SOC in-house.

Talent is Hard to Find

There is a shortage of talent in the field of cybersecurity. This causes problems for organizations trying to build out their cybersecurity programs within their company. By 2021, experts predict we’ll see 3 million open cybersecurity positions worldwide, with at least one quarter of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago. Let’s keep that statistic in mind as we look to our first point.

It takes a small army to run a Security Operations Center effectively.

At minimum you will need a staff of 16, if not more, according to our experts at CYDERES. You want to make sure every shift will be covered, and that you have enough staff to fill in when your team gets sick or goes on vacation. If every organization wanted to build a SOC in-house, how would they fill all of the necessary positions when there is already a severe talent drought?

Furthermore, with current professionals in high demand, a lot of the best talent in the field is getting snagged by organizations whose core focus is on security, and not operating a SOC on the side. This creates another impediment to anyone trying to build a SOC in-house.

At this point, some of you may be feeling like we’re writing about your exact situation, while others may already have a full team ready to go, and may be under the impression that they have beaten the illustrious ‘talent shortage’. Well, many organizations may have a crack team on the payroll today, but what happens when someone moves on, or retires? There may be a significant gap in your team as you try to lure another professional who is just a qualified as the person who just left. The talent shortage has far-reaching ramifications, even beyond the immediate future.

The ‘Talent’ to Look Ahead

Cybersecurity is a relatively new field. We are just now exploring what the capabilities and possibilities of this field are. Threats and solutions are continuing to evolve every day, and the security threats of today are not the security threats of tomorrow. This means that security teams need to be constantly devoting some of their resources to learning and looking at what’s on the horizon.

Unfortunately, because a lot of teams are facing a talent shortage, they don’t have enough people to move beyond putting out fires every day. Therefore, a lot of administrators are just focusing on what’s going on today, and aren’t looking forward. This can create huge problems for organizations in the long-term.

It’s vital for the current generation of business leaders to continually look for next generation solutions so that they are prepared for tomorrow’s threats today. In-house resources may not be enough to achieve this goal. Your current team may work for your current needs, but transitioning to a fully managed security-as-a-service provider will allow you to start looking ahead without straining the staff you already have on the payroll.

Using CYDERES Over an In-House SOC

With CYDERES, we can make many of the issues listed above obsolete for your organization, either through augmenting your current SOC, or by gradually transitioning your in-house solution to our fully-managed security-as-a-service offering.

We have put significant focus on attracting and retaining the best talent in the business. We have invested in our facilities to give our professionals a world class space to operate in, and built a great foundation of an awesome team that is our best advertisement we could ask for to attract other professionals of their caliber.

We have dedicated teams for specialized threats, both for the threats of today, and the threats of tomorrow, which brings a lot of value to our customers. We have also created a structure that allows us to adapt to your needs. Maybe you already have a couple of experts already that know a lot about your business. We can work to augment the work of folks that are already ingrained into your corporate structure to allow you to get the best solution for your particular needs.

The best part, in working with CYDERES, you can redeploy your resources elsewhere so you can focus on your business… We’ll handle your threats.

If you are interested in talking with our CYDERES professionals to see how we can help create a better way forward for your organization, fill out the form below, and we will be in touch soon.

Though Fishtech works every day to give cybersecurity the awareness it deserves, each October,
we’re happy to see an extra emphasis given to the importance of taking proactive steps to enhance cybersecurity at home and in the workplace during National Cybersecurity Awareness Month.

Each year we hope to share lessons that we have gleaned from more than two decades of shaping the landscape of cybersecurity solutions. These insights are often tried and true principles worth revisiting, as we continue to prepare for an ever-evolving future.

Cybersecurity Requires More Than a Nod of Approval from the C-Suite

In today’s business environment, cybersecurity risk management programs are more important than ever. Traditionally, this has been recognized by the IT teams who would try to stress the importance upstream, but as businesses continue to undergo digital transformation, modern cybersecurity programs require buy-in from the C-suite.

Cyber attacks affect every aspect of an organization, from IT, to finance, to HR. The leaders of the organization need to prioritize their focus on mitigating the cyber risks inherent to modern business to protect everyone under their purview.

Cyber-Hygiene is Not Enough

It may be easier to go through the motions and make your way through the normal checklist and make sure you’re complying with standards that may or may not be right for your business.This approach is just not enough. Organizations need to take an approach informed by data.

Focus should be on threats that pose the biggest risk, not those that are part of your routine “box checking”.

Network Data is Not Enough

Internal threats detected through network logging and aggregation are detected too late. Early indicators of internal threats come from human actions and attitudes. There are better ways to get in front of potentially devastating internal attacks. There are solutions that use better models than network data to reveal behaviors of potential insider threats, well before they become a problem (a particular specialty of our friends over at Haystax).

Technology Alone is Not the Solution

You may have heard us talk about people, process, and technology. That’s because all three of these are integral to a proper cyber-risk management program. Many security vendors will try to sell you software that is the be-all and end-all of cybersecurity. There are more factors to a complete cybersecurity program than the “perfect technology”. You need trained staff that will follow processes exactly as they are specified so that all other factors that could provide a vulnerability outside of what each technology protects from will be mitigated.

Cybersecurity Awareness in 2019

While we believe that these four items carry particular importance to organizations overall, we have also loved the overarching themes of 2019’s edition of National Cybersecurity Awareness Month: “Own IT. Secure IT. Protect IT.”

With these themes, there is more of a focus on personal accountability to help create a foundation of proactive behaviors and awareness to strengthen each individuals’ knowledge and confidence to help create a culture of cybersecurity throughout each organization.

We will highlight a few of the basic strategies of each theme below, but we definitely
recommend checking out more resources on each of the following areas to make sure your
knowledge is up to date on best practices in cybersecurity for you and your organization.

Own IT:

• Be aware of what you share on social media.
• Review your privacy settings for each app that you use, and continue to do so with
  regularity.
• Make sure your applications and accounts only receive the base level of information. If
  they are asking for too much, ask yourself if you really need to use these tools.
• Don’t forget about smart devices. Monitor how these are used as much as you would
  with your smartphone.

Secure IT:

• Create strong and unique passwords or passphrases. The more characters the better.
• Utilize multi-factor authentication for added security.
• Take care when shopping online. Make sure you are shopping at places you know you
  can trust.
• Scrutinize every email that includes links or requests for information to protect yourself
  from phishing.

Protect IT:

• Make sure you update to the latest security software, web browser, and operating
  systems.
• Avoid public Wi-Fi as much as possible.
• If you are collecting customer/consumer data, make sure it is secure.
• Cybersecurity is important in the modern age, and it is important to re-evaluate your own
  adoption of cybersecurity practices as much as possible.

We hope this post helps give you a starting point on items to re-visit on your quest to #BeCyberSmart.

We hope you have had a successful National Cybersecurity Awareness Month. If you have any questions for our experts on how to improve your cyber awareness, fill out the form below to get connected!

The Threat Hunt Tour, powered by Chronicle with Fishtech Group’s CYDERES, roars on! Find us in the coming days in Houston, Dallas, and Phoenix. Are we coming to your city?

We’re bringing the tour to 15 cities through early November to highlight the capabilities of Google’s Chronicle and Fishtech Group’s CYDERES. We want to demonstrate in-person how this superlative platform and expert consultants can literally change the security landscape of your organization and combat the threats you face every day.

For more information on the Threat Hunt Tour and to find registration links for the remaining tour stops, visit ThreatHuntTour.com

In this blog, we’ve been covering some of the various threats to your business all month long. We’ve already covered the inefficiencies of legacy SIEM in our last post and how the slow speed of legacy SIEM is a threat to your business. We’ve talked about the rising and unscalable costs of legacy SIEM solutions.

We’ve established the harsh truth that legacy SIEM is inefficient and inexpensive. There’s another very real threat to your organization that everyone in cybersecurity knows all too well – the huge shortage of skilled and ready-to-go talent in the industry. And this threat just may be worse than you think.

Chances are your cyber defenses don’t measure up to the high standards you set when you took the job. The biggest reason may be you just can’t hire or retain enough personnel with the skills and experience necessary to mitigate your worst cyber threats.

By 2021, experts predict we’ll see 3.5 million open cybersecurity positions worldwide, with at least 500,000 of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago. Meanwhile, cyber-attacks are growing in scale and impact.

The problem is not merely a talent shortage. There are plenty of people interested in a cybersecurity career. And while companies need people who can be effective immediately, they may not require traditional, let alone advanced, degrees.

Imagine having access to human-led, machine-driven security-as-a-service combined with unmatched speed and scalability to steer your organization through the next cyber attack. We’ll show you how to get just that during the Threat Hunt Tour.

Organizations are slowly coming around to an acceptance of partnerships to meet their cybersecurity mission. Foundational to that acceptance are these beliefs:

1. Cybersecurity has become too specialized, technologically complex and labor intensive to manage only in-house
2. Digital transformation is making these partnerships a viable option even for something as consequential as company security.

CYDERES is this new breed of partner — neither a conventional outsourcing firm nor a pure consultancy. Instead, CYDERES experts offer security-as-a-service and bring unrivaled Chronicle expertise to enhance your security operations.

We’ll be talking about that and more during the Threat Hunt Tour that is running through early November.

It’s time to prey on your threats – instead of letting them undercut your vision and goals for the future.

Attendees will leave the tour with a FREE demo environment of Chronicle, the security telemetry platform that will give you unmatched speed and unequaled scalability when analyzing massive amounts of data to hunt the threats to your organization.

Learn how to search through petabytes of security telemetry in a fraction of the time at a fraction of the cost of traditional SIEM providers.

Join us on the tour to learn how CYDERES brings unrivaled Chronicle expertise to enhance your security operations through human-led, machine-driven security-as-a-service. CYDERES is the seasoned expert you need to help your team fully realize the game-changing capabilities of Chronicle.

WE’RE COMING TO A CITY NEAR YOU!

Check out our tour stops and register to save your spot. Space is limited, so don’t delay. Visit ThreatHuntTour.com for registration links, and more information. We’ll see you soon!

The Fishtech CYDERES Threat Hunt Tour, powered by Chronicle is continuing this week in Chicago, IL and Reston, VA. Join us in your city!

We’re hitting 14 cities over the course of the next two months to highlight the capabilities of Google’s Chronicle and Fishtech Group’s CYDERES and how they can change the security landscape of your organization, and combat the threats you face every day.

For more information on the Threat Hunt Tour and to find registration links for each of the tour stops, visit ThreatHuntTour.com

To give you a taste of some of the information we’ll be covering on the tour, we’re going to be looking at various threats to your business all month long. It’s time to prey on your threats – instead of letting them undercut your vision and goals for the future.

Today, let’s talk about the rising and unscalable costs of legacy SIEM solutions.

We’ve already covered the inefficiencies of legacy SIEM in our last post and how the slow speed of legacy SIEM is a threat to your business, but the issues don’t stop there. Performance is obviously a huge factor for organizations looking to hunt threats, but we know that there are other areas decision makers look at when looking at cybersecurity options for their organizations – namely, cost.

Legacy SIEM is expensive.

The cost structure of traditional SIEM is not conducive to growing organizations that are looking to scale their security telemetry analysis with the expansion of their operations.

When your threat hunting solutions are stretching your budget, it limits your ability to adapt to other challenges in your business, and may hinder your overall growth. Wouldn’t it be great to have a solution that has number of users, not data threshold, as the basis for cost structure? We will touch on this more on our many stops of the Threat Hunt Tour.

Unfortunately, the cost problems don’t stop there.

Organizations often need to hire outside help to assist with implementation and integration, as each organization’s security priorities are unique, so SIEM alerts will need to be customized for specific use cases. This can be a robust process and can become quite expensive, and this isn’t even looking at licensing costs for the SIEM.

Furthermore, for a solution that is slow and increasingly expensive, legacy SIEMs are shockingly ill-prepared for organizations that are transitioning to the cloud.

True digital transformation is here.

It is imperative for organizations to modernize their infrastructure and move to the cloud and make sure their security management system can keep up with the rigors of modern business.

You may be in the middle of your own digital transformation right now. We know there are many stages of cloud integration through our own work with organizations across the country. For transitioning businesses, certain corporate assets may be located in your data center, while others may already be in the public cloud.

In these situations, your traditional SIEM most likely doesn’t allow visibility into the assets that are in the cloud provider’s network. This can become a big problem as your organization continues to expand.

There are many issues with legacy SIEM, but luckily, there are many alternative solutions as well.

We’ll be talking about that and more during the Threat Hunt Tour that is running until November.

Attendees will leave the tour with a FREE demo environment of Chronicle, the security telemetry platform that will give you unmatched speed and unequaled scalability when analyzing massive amounts of data to hunt the threats to your organization.

Learn how to search through petabytes of security telemetry in a fraction of the time at a fraction of the cost of traditional SIEM providers.

Join us on the tour to learn how CYDERES brings unrivaled Backstory expertise to enhance your security operations through human-led, machine-driven security-as-a-service. CYDERES is the seasoned expert you need to help your team fully realize the game-changing capabilities of Chronicle.

WE’RE COMING TO A CITY NEAR YOU!

Check out our tour stops and register to save your spot. Space is limited, so don’t delay. Visit ThreatHuntTour.com for registration links, and more information. We’ll see you soon!

The Fishtech CYDERES Threat Hunt Tour, powered by Chronicle launched last year in Boulder, Colorado.

We hit 14 cities over the course of two months to highlight the capabilities of Google’s Chronicle and Fishtech Group’s CYDERES and how they can change the security landscape of your organization, and combat the threats you face every day.

For more information on the Threat Hunt Tour and find which cities we visited on the tour, visit ThreatHuntTour.com

To give you a taste of some of the information we covered on the tour, we’re going to be looking at various threats to your business through a few blog posts. It’s time to prey on your threats – instead of letting them undercut your vision and goals for the future.

Today, let’s talk about legacy SIEM solutions.

Frankly, your legacy SIEM sucks. Literally! It’s sucking away time and profits from your business every day. It’s slow. It’s not built for a new era of analyzing petabytes of security telemetry.

Fact: Your SIEM’s speed is a threat to your business.

In the era of big data, your SIEM has more information than ever to comb through, and that can delay the amount of time it takes to detect credible threats leaving your business vulnerable. Over time, analysts will begin to inadvertently get trained by these slow searches to choose what is worth searching for, which is whatever is returned the fastest.

This can create a huge vulnerability for your organization, as analysts may not be finding the most pressing threats to your business due to a slow SIEM.

There is a better way. There is a FASTER way. On the Threat Hunt Tour, we put together hands-on workshops with proactive strategies to give you faster and more inexpensive solutions to the issues caused by traditional SIEM.

Fact: Your SIEM’s cost structure is a threat to your business.

Attendees left the tour with a FREE demo environment of Chronicle, the security telemetry platform that will give organizations unmatched speed and unequaled scalability when analyzing massive amounts of data to hunt the threats to your organization.

It’s time to learn how to search through petabytes of security telemetry in a fraction of the time at 1/10 the cost of traditional SIEM providers.

Get a solution that has number of users, not data threshold, as the basis for cost structure. Talk about a game-changer that everyone on your board can get behind!

We’d love to talk about how CYDERES brings unrivaled Chronicle expertise to enhance your security operations through human-led, machine-driven security-as-a-service. CYDERES is the seasoned expert you need to help your team fully realize the game-changing capabilities of Chronicle. Fill out the form below to get connected with a CYDERES expert so that you can harness this incredible opportunity to leave your threats in the dust.

All month long we’ve been talking about how to Level Up Your Identity Program, because of the similarities we’ve seen between the concept of Role-Playing Games (RPGs) and the role-based focus on access and authorization that are central to the concepts of Identity practices for organizations in every industry.

Today, we’re going to look closer at our tagline to break down exactly what it means. Is “Level Up Your Identity Program” just a forced metaphor to allow us to geek out about RPGs? While we are daydreaming about booting up Skyrim to finish just one more side quest before we finally move forward with the main quest, the answer is actually NO.

In order to help you transform into a world-class IAM organization, the experts at Fishtech Group will guide you through the five levels of the Capability Maturity Model. No matter where you are at currently, we want to help you level up through five established levels of capability maturity.

So, now that the main quest is set, let’s take a look at what each of those levels looks like.

The Levels of the Capability Maturity Model

Level 1 – Initial

This is the beginning of the quest, and as such, there aren’t many established processes. Some may define this level as ‘chaotic’. The notable characteristics of this level are undocumented processes, and success that is found through individual efforts on an ad hoc basis, due to a lack of definition of the processes at an organizational level.

What to do next: Start with the basics – review your current assets, define your goals, create an action plan to achieve them, document the entire process.

Level 2 – Repeatable

As processes begin to take shape, success becomes repeatable through basic documentation. Even so, there is a lack of process standardization and definition through the organization at this level.

What to do next: Revisit your objectives, identify your pain points, and seek expertise to overcome these early challenges to your goals. What’s working and not should become readily apparent in the early stages.

Level 3 – Defined

Processes and procedures become more refined and documentation becomes more robust. IAM processes have been defined as standard business practice.

What to do next: Develop success criteria for each area of the program and continue to monitor and document its development. Specific use cases (process objectives) can be developed for your growing practice and tools can be optimized to meet your requirements. 

Level 4 – Managed (Capable)

When an organization reaches the managed level, they will be able to monitor the achievement of process objectives through data collection and analysis. At this level, organizations can show that process objectives are still achieved under a variety of circumstances without quality loss, even during times of stress.

What to do next: Differentiate between defined processes and undefined or unsuccessful ones. Incident / Problem / Operations Management plans should be clear and teams clearly understanding their roles within the environment.

Level 5 – Optimizing (Efficient)

At this level, organizations have established success through defined processes and are now concerned with improving overall performance on a continual basis. Organizations should still be completing established objectives as they are optimizing their processes.

Level Up Your Identity Program

No matter where your IAM processes register on the Capability Maturity Model, we want to help you Level Up! We take a consultative approach to identify gaps and introduce next-generation solutions that help your organization minimize risk, maintain compliance, and increase efficiency.

Identity programs that deliver speed-to-value are rare, and organizations that can facilitate them even more so. A tightly integrated, optimized, and mature identity tech stack built from clearly defined policies and governance practices will provide a solid, reliable identity platform.

If you would like to know how our IAM experts can help you Level Up Your Identity Program, let us know by filling out the form below.

This month in our recent articles about Identity and Access Management (IAM), we have talked about some of the benefits of IAM, including increased security for your employees and your organization overall. We have also talked about increased efficiency with onboarding and offboarding.

So, what does something closely associated with HR have to do with a practice often touted by cybersecurity companies? Well, there are a couple side benefits stemming from proper IAM practices that may surprise you.

IAM and Onboarding

Identity and Access Management can help speed up the onboarding process for new hires and ensure that employees gain access to everything they need faster. This is a huge benefit for organizations for a number of reasons.

Proper IAM practices make sure that access to secure systems is conditional to an individual’s role, rather than to the individual. This assists your IT department by simplifying the authorization process by greenlighting access to everything an individual in a particular role may need from day one.

Employees in each specified role to get access to the systems they need in a few hours or faster, unlike outdated practices that result in a delay of access to important systems until days or weeks later.

The implementation of IAM practices helps employees:

• become productive to an organization more rapidly
• get the employee comfortable sooner by quickly moving them past the “new job limbo”
• enjoy job satisfaction more quickly

All of these benefits sound great, right? Well, onboarding is only half of the equation. Offboarding processes also benefit from the efficiencies of IAM.

IAM and Offboarding

When an employee is let go, or quits an organization, it is imperative to terminate their access as soon as it is relevant to do so. With proper Identity and Access Management practices in place, IT departments will know what employees have had access to, and should be able to remove their authorization quickly, reducing the risk for insider threats, and creating a smooth transitional period for the outgoing employee.

There are a number of ways to facilitate this process, including using single-sign on (SSO) where each employee has access to every website and application through a third party that requires only one user name and password. When the employee is being offboarded, there is only one set of credentials to worry about, so you’re not having to revoke access on a number of different platforms.

Finding ways to increase efficiency in offboarding processes will only grow in importance as trends change within the workforce.

More than 40% of millennials plan to leave a job within two years, and less than a third will be around after five years according to the 2018 Deloitte Millennial Survey. Generation Z, a group born in the mid-1990s to the mid-2000s that is now entering the workforce, has a 60% chance of leaving a workforce within two years. Only 12% plan to stay at any one job beyond five years, the survey reported.

You don’t have to run yourself through the wringer every time you need to offboard another employee. Identity and Access Management is the key to true efficiency with onboarding and offboarding for your organization.

So, while you’re making your organization more secure with Identity and Access Management by limiting who can access certain systems according to who needs said access, IAM can be a huge benefit to your HR Department as well.

If you are interested in learning how IAM can increase efficiencies for your onboarding and offboarding processes, and increase security for your organization, fill out the form below to connect with one of our IAM experts.