The threat landscape is always evolving, but with this evolution comes a number of challenges that make running a Security Operations Center (SOC) harder than ever before, experts have declared.
New technologies emerging, workplace organization has shifted rapidly, and new devices are constantly being pumped into the market - so what are the major challenges facing SOC, and how can businesses mitigate the risks presented by an ever evolving threat landscape?
The big issues
At the recent Fortinet Convergence23 conference, John Maddison, Fortinet's Chief Marketing Officer and Executive Vice President for Product Strategy, explained that cybersecurity teams no longer have control over the decisions they make surrounding their security architecture. Since Covid-19, more businesses than ever have a hybrid workforce and employees are hesitant to return to offices. This has spread the attack surface available to threat actors to unprecedented levels.
Hybrid workers also require their own devices, applications and access to storage, presenting a whole new host of security risks. Each application used is a potential avenue for cybercriminals to intrude and each device needs a network connection into the business.
As Dr Carl Windsor stated, “There is no longer a network edge.”
There are also significant limits facing SOC teams. As recent studies have shown, many teams are understaffed and therefore are experiencing burnout at a much higher rate than other industries.
Kash Valji, the company's Director of Consulting Systems Engineering, was keen to highlight that devices and applications are becoming increasingly complex and require individual configuration with security products to provide the best protection. But with the current cyber skills gap, many firewalls are being configured incorrectly, adding additional vulnerabilities to the security infrastructure.
On many occasions when a security breach occurs a firewall has logged the potential intrusion, but SOC teams are simply too overwhelmed, too understaffed, or lack the necessary expertise to neutralize a threat before damage occurs.
The solutions
Elsewhere at the event, Fortinet Field CISO, Ricardo Ferreira and Vice President of Products, Nirav Shah, explained that security teams need to understand a number of factors in order to function in the future.
The first is that there is no longer a network edge. You can no longer look at the security infrastructure and define its perimeter. From devices, to applications, to cloud hosted services - nothing is safe. Each access point needs its own robust firewall, and endpoint protection is needed for every device.
The second is to employ a Zero Trust network; access is only granted to each device after secure identity authentication; the access granted by each device or application is limited within the network to only what is required; adjust the network in real time to grant and revoke access on a per device basis.
The third is to understand that security is no longer a compliance issue. The viability and survival of a business depends on how secure it is, therefore the security strategy should integrate heavily with the business strategy. The size of the business is equal to the size of the necessary security solution.
More from TechRadar Pro
- We've listed the best identity theft protection tools around
- And these are the best malware removal tools
- Workers are putting their companies at risk by downloading software without permission